Chinese Cyber Shenanigans: Salt Typhoon’s Secret Domains Unveiled! 🌩️🔍
Threat hunters have found 45 previously unreported domains linked to China-backed cyber actors Salt Typhoon and UNC4841. These domains date back to May 2020, proving that the 2024 Salt Typhoon attacks weren’t their first rodeo. Silent Push urges organizations to check DNS logs for any suspicious activity related to these domains.

Hot Take:
Looks like China’s threat actors have been busy bees, and they’re leaving a trail of digital honey for cybersecurity sleuths to follow. If you thought catfishing was bad, wait until you meet Monica Burch, the fake persona behind the oldest domain. With some espionage sprinkled on top, this cyber casserole is a dish best served cold—but not before a thorough DNS log check, folks!

Key Points:
- 45 domains linked to China-backed threat actors identified, some dating back to 2020.
- Salt Typhoon and UNC4841 are the main mischief-makers behind these domains.
- Domains overlap with a known security flaw in Barracuda ESG appliances.
- Fake personas and Proton Mail addresses were used to register these domains.
- Organizations are advised to comb through DNS logs for potential threats.
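
One way to run the DNS log check recommended above across historical logs, reporting first and last sighting per indicator (an added example, not code from Silent Push or the original article). The watchlist entries are reserved `.example` placeholders because this page does not list the 45 domains, and the log layout and sample lines are constructed.

```python
# Placeholder indicators (assumption): substitute the published domain list.
WATCHLIST = {"bad-domain-one.example", "bad-domain-two.example"}

# Constructed sample records: "timestamp client qname qtype" (assumed layout).
SAMPLE_LOG = """\
2020-06-03T08:14:22Z 10.0.4.17 mail.bad-domain-one.example. A
2021-11-19T23:01:05Z 10.0.4.17 BAD-DOMAIN-ONE.example A
2024-09-30T12:00:00Z 10.0.9.3 notbad-domain-one.example A
2024-10-02T03:44:10Z 10.0.7.88 cdn.update.bad-domain-two.example. AAAA
2024-10-02T03:45:00Z 10.0.7.88 www.example.org A
malformed line
"""

def normalize(qname):
    """Lower-case the name and drop the trailing root dot."""
    return qname.strip().rstrip(".").lower()

def matched_indicator(qname, watchlist):
    """Return the watchlisted domain that qname equals or is a subdomain of."""
    labels = normalize(qname).split(".")
    # Match on label boundaries so "notbad-domain-one.example" is not a hit.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None

def hunt(log_text, watchlist=WATCHLIST):
    """Summarise hits per indicator: count, first/last seen, querying clients."""
    findings = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of aborting the sweep
        ts, client, qname, _qtype = fields
        ioc = matched_indicator(qname, watchlist)
        if ioc is None:
            continue
        f = findings.setdefault(
            ioc, {"first": ts, "last": ts, "clients": set(), "hits": 0})
        # Same-format ISO 8601 UTC timestamps sort correctly as strings.
        f["first"], f["last"] = min(f["first"], ts), max(f["last"], ts)
        f["clients"].add(client)
        f["hits"] += 1
    return findings

if __name__ == "__main__":
    for ioc, f in sorted(hunt(SAMPLE_LOG).items()):
        print(ioc, f["hits"], f["first"], f["last"], sorted(f["clients"]))
```

Because the domains date back to May 2020, the first-seen value is only as old as the logs retained, so run the sweep over archived resolver logs as well as current ones.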