Particle.news
Download on the App Store
15 ARTICLES
·
2d ago

US, UK and Allies Tie Salt Typhoon Campaign to Three Chinese Tech Firms

Officials say the long-running effort exploited known weaknesses in network edge devices to reach critical networks worldwide.

16 December 2021, Baden-Wuerttemberg, Rottweil: A hacker software is open on a laptop. Photo: Silas Stein/dpa (Photo by Silas Stein/picture alliance via Getty Images)
Image
Image
Figurines with computers and smartphones are seen in front of the words "Cyber Attack" in this illustration taken, February 19, 2024. REUTERS/Dado Ruvic/Illustration/File Photo

Overview

  • An international advisory from the UK’s NCSC, the NSA, FBI and partners in more than a dozen countries names Sichuan Juxinhe, Beijing Huanyu Tianqiong and Sichuan Zhixin Ruijie as enabling the Salt Typhoon operations.
  • FBI Assistant Director Brett Leatherman said the campaign compromised at least 200 U.S. organizations and victims in 80 countries, expanding well beyond previously disclosed telecom targets.
  • Agencies report the actors favored widely known, fixable vulnerabilities on routers and other edge devices, citing flaws in Ivanti Connect Secure, Palo Alto PAN‑OS GlobalProtect, Cisco IOS XE and Cisco Smart Install.
  • Separately, Google’s Threat Intelligence Group detailed a March operation by UNC6384 using captive‑portal hijacks to push a signed downloader (STATICPLUGIN) that deployed an in‑memory PlugX variant (SOGU.SEC) against diplomats.
  • Google blocked malicious domains and hashes, issued government‑backed attacker alerts to affected Gmail and Workspace users, and released IoCs and YARA rules, advising caution with certificates issued to Chengdu Nuoxin Times.