China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years

China-linked APT ‘Salt Typhoon’ exploited known router flaws to maintain persistent access across telecom, government, and military networks, giving Beijing’s intelligence services global surveillance reach.

The China-linked cyberespionage group known as Salt Typhoon has been compromising backbone and edge routers globally for persistent access to networks across multiple industries, government agencies in the US and allied countries warn.

Also tracked as GhostEmperor, Operator Panda, RedMike, and UNC5807, the threat group has been conducting cyberespionage operations in the US, Australia, Canada, New Zealand, and UK, and across other regions for over half a decade, the agencies note in a joint advisory.

Blamed for multiple intrusions at telecom companies in the US and Canada, and for the hacking of a US National Guard unit, Salt Typhoon has been busy targeting government, telecom, transportation, lodging, and military infrastructure networks globally since at least 2021, the advisory reads.

The APT’s operations have ...