Ethical Hacking News
45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage: A New Layer of Deception
A recent discovery by threat hunters at Silent Push has uncovered a set of previously unreported domains associated with China-linked threat actors known as Salt Typhoon and UNC4841. The domains, totaling 45 in number, span multiple years and highlight the persistent nature of Salt Typhoon's operations. This revelation underscores the importance of continuous monitoring, vigilance, and international cooperation in detecting and countering cyber espionage threats.
The threat hunter Silent Push has discovered 45 previously unreported domains associated with the China-linked threat actors Salt Typhoon and UNC4841.
The domains, some of which date back to May 2020, overlap with infrastructure used by UNC4841, the group behind the zero-day exploitation of CVE-2023-2868, a flaw that could have been used to gain unauthorized access to sensitive information.
Salt Typhoon is believed to be operated by China's Ministry of State Security (MSS), highlighting the sophistication and coordination within these cyber espionage campaigns.
Threat hunters advise searching DNS logs for past requests to the identified domains or IP addresses, particularly during the time periods in which this actor operated them.
The discovery emphasizes the need for international cooperation and information sharing between nations and cybersecurity experts to counter cyber espionage networks.
In a recent revelation, threat hunters at Silent Push have discovered a set of previously unreported domains associated with China-linked threat actors known as Salt Typhoon and UNC4841. The domains, totaling 45 in number, span multiple years, with the oldest registration activity occurring as far back as May 2020. This discovery not only sheds light on the persistent nature of Salt Typhoon's operations but also highlights the intricate web of deception used by these threat actors.
The identified infrastructure has been found to overlap with that of another China-associated hacking group tracked as UNC4841, which is best known for its zero-day exploitation of a security flaw in Barracuda Email Security Gateway (ESG) appliances. That flaw, CVE-2023-2868, carries a CVSS score of 9.8, a critical-severity rating for a vulnerability that could have been exploited to gain unauthorized access to sensitive information.
Salt Typhoon, active since 2019, drew widespread attention last year for its targeting of telecommunications services providers in the U.S. Believed to be operated by China's Ministry of State Security (MSS), the threat cluster shares similarities with activities tracked as Earth Estries, FamousSparrow, GhostEmperor, and UNC5807. The involvement of MSS underscores the level of sophistication and coordination within these cyber espionage campaigns.
The discovery of these 45 domains, some of which date back to 2020, not only signifies a continuation of Salt Typhoon's activities but also indicates a deliberate attempt to evade detection. Threat hunters at Silent Push emphasize the importance of searching DNS logs for the past five years for requests to any of the identified domains or their subdomains. Furthermore, they advise checking for requests to listed IP addresses, particularly during the time periods in which this actor operated them.
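The retrospective DNS-log hunt described above, as an added example that is not part of the original article or of Silent Push's tooling: the indicator domains, IP addresses, operating windows, log format and log lines below are all constructed for illustration, since the article does not reproduce the real list. Matching is done on label boundaries so that subdomains of an indicator count but look-alike names do not, and an IP indicator only counts inside the window in which the actor is assumed to have controlled it.

```python
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed indicators for illustration only; the real Silent Push list is not reproduced here.
DOMAIN_IOCS = {"ioc-domain-one.test", "ioc-domain-two.test"}
# IP indicators with the (assumed) window in which the actor operated them.
IP_IOCS = {
    "192.0.2.10": (datetime(2020, 5, 1, tzinfo=timezone.utc),
                   datetime(2021, 3, 1, tzinfo=timezone.utc)),
}

def match_domain(qname: str) -> Optional[str]:
    """Return the indicator that qname equals or is a subdomain of, else None."""
    name = qname.rstrip(".").lower()
    for ioc in DOMAIN_IOCS:
        # The leading dot enforces a label boundary, so "notioc-domain-one.test" is not a hit.
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None

def parse_line(line: str) -> Tuple[datetime, str, str, str]:
    """Constructed log format: '<ISO-8601 ts> <client_ip> <qname> <answer>'."""
    ts, client, qname, answer = line.split()
    return datetime.fromisoformat(ts), client, qname, answer

def hunt(lines: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, kind, indicator) for every matching log line."""
    hits = []
    for line in lines:
        ts, client, qname, answer = parse_line(line)
        ioc = match_domain(qname)
        if ioc:
            hits.append((ts.isoformat(), client, "domain", ioc))
        window = IP_IOCS.get(answer)
        # An IP only counts while the actor is assumed to have controlled it.
        if window and window[0] <= ts <= window[1]:
            hits.append((ts.isoformat(), client, "ip", answer))
    return hits

# Constructed sample DNS log lines.
SAMPLE_LOG = [
    "2020-06-15T10:00:00+00:00 10.0.0.5 mail.ioc-domain-one.test 192.0.2.10",
    "2022-01-02T08:30:00+00:00 10.0.0.7 www.benign.test 192.0.2.10",
    "2021-02-10T12:00:00+00:00 10.0.0.9 notioc-domain-one.test 198.51.100.4",
    "2020-08-01T00:00:00+00:00 10.0.0.5 ioc-domain-two.test. 203.0.113.9",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

On the sample log this yields three hits: the first line matches both on the subdomain and on the IP inside its window, the second line is ignored because the same IP is seen outside the window, and the fourth line matches on the trailing-dot domain.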
This revelation serves as a stark reminder of the ever-evolving nature of cyber threats and the importance of continuous monitoring and vigilance. As threat actors continue to adapt and evolve their tactics, it is crucial that organizations invest in robust security measures and stay informed about emerging threats.
The identification of these 45 domains also underscores the need for better international cooperation and information sharing between nations and cybersecurity experts. By pooling resources and knowledge, it may be possible to dismantle these complex cyber espionage networks and prevent further compromise.
In conclusion, the discovery of these previously unreported domains by Silent Push highlights a new layer of deception in the world of cyber espionage. As Salt Typhoon continues to operate in the shadows, it is essential that organizations and governments remain vigilant and proactive in their efforts to detect and counter these threats.
Related Information:
https://www.ethicalhackingnews.com/articles/A-New-Layer-of-Deception-45-Previously-Unreported-Domains-Expose-Longstanding-Salt-Typhoon-Cyber-Espionage-ehn.shtml
https://thehackernews.com/2025/09/45-previously-unreported-domains-expose.html
https://nvd.nist.gov/vuln/detail/CVE-2023-2868
https://www.cvedetails.com/cve/CVE-2023-2868/
Published: Mon Sep 8 21:08:28 2025 by llama3.2 3B Q4_K_M