

Ethical Hacking News

The Uncovering of Salt Typhoon: A Global Cyber Espionage Operation



Silent Push has uncovered dozens of domains used by Chinese espionage crew Salt Typhoon to gain stealthy, long-term access to victim organizations going back as far as 2020. The revelation sheds new light on the activities of Salt Typhoon, a group known for its sophisticated cyber espionage tactics and connections to the People's Republic of China.

  • Silent Push has uncovered dozens of domains used by Chinese espionage crew Salt Typhoon, with connections dating back to 2020.
  • The domains were discovered through analysis of registration patterns in Salt Typhoon's command and control infrastructure.
  • One of the domains appears to be a Hong Kong newspaper, raising questions about the group's intentions.
  • Salt Typhoon and UNC4841 are known for their sophisticated cyber espionage tactics and connections to the People's Republic of China.
  • The discovery highlights the ongoing threat posed by Salt Typhoon and UNC4841, with significant risk associated with all domains linked to the groups.



    Silent Push, a threat intelligence firm, has recently uncovered dozens of domains used by Chinese espionage crew Salt Typhoon to gain stealthy, long-term access to victim organizations going back as far as 2020. This revelation sheds new light on the activities of Salt Typhoon, a group known for its sophisticated cyber espionage tactics and connections to the People's Republic of China.

    According to Silent Push, the firm has identified 45 domains linked to Salt Typhoon or UNC4841, a similar group known for targeting critical infrastructure in various countries. The domains, which were previously unreported, were discovered by analyzing key registration patterns in Salt Typhoon's command and control (C2) infrastructure. The researchers found that several of the domains shared the same registrant - "almost certainly fake" personas including "Shawn Francis," "Monica Burch," and "Tommie Arnold," most using ProtonMail email addresses, and all of whom purportedly live in the US and have physical addresses that don't exist.

    One of the domains uncovered by Silent Push appears to be a Hong Kong newspaper: newhkdaily[.]com. The researchers noted that it is unclear whether this domain is an impersonation of a Hong Kong media source with which they are unfamiliar, a Psychological Operation (PSYOP) campaign, or simply a propaganda front.

    The discovery of these domains highlights the ongoing threat posed by Salt Typhoon and UNC4841, two advanced persistent threat (APT) groups. According to Silent Push, both groups have been linked to numerous high-profile cyber attacks in recent years, including hacks on major telecommunications firms, government organizations, and private companies.

    In a statement, Silent Push noted that "all domains associated with Salt Typhoon and UNC4841 present a significant level of risk." The firm emphasized the importance of proactive measures in defending against this evolving threat. Researchers recommend defenders check their telemetry and historic logs against these newly-identified domains, as well as use lists of low-density IP addresses observed in the DNS A records for all of these Salt Typhoon-related domains, as hunting tools to help boot Chinese spies off of critical networks.
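
    The log check recommended above, sketched as an added example (not code from Silent Push or the article): it refangs a defanged indicator list and matches historic DNS records on both the queried name, including subdomains, and the returned A-record IPs. Only newhkdaily[.]com comes from the article; the IP address, the log layout and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed inputs: only newhkdaily[.]com is from the article; the IP is a placeholder.
# Hypothetical log layout: timestamp client qname qtype answers(comma-separated)
INDICATORS = ["newhkdaily[.]com", "198.51.100.23"]
SAMPLE_LOG = [
    "2025-09-01T10:00:07Z 10.0.0.9 cdn.newhkdaily.com. A 203.0.113.7",
    "2025-09-01T10:01:12Z 10.0.0.5 notnewhkdaily.com. A 203.0.113.8",
    "2025-09-01T10:02:30Z 10.0.0.12 updates.example.net. A 192.0.2.10,198.51.100.23",
    "2025-09-01T10:03:00Z 10.0.0.9 NEWHKDAILY.COM A -",
]

def as_ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None  # a hostname, "-" or a CNAME target

def refang(indicator):
    """Normalise a defanged indicator (x[.]com, hxxps://x[.]com/p) to a bare host."""
    s = indicator.strip().lower().replace("[.]", ".").replace("hxxp", "http")
    return s.split("://", 1)[-1].split("/", 1)[0].rstrip(".")

def load_indicators(lines):
    """Split a mixed indicator list into (domain set, IP-address set)."""
    hosts = [h for h in map(refang, lines) if h]
    ips = {as_ip(h) for h in hosts} - {None}
    return {h for h in hosts if as_ip(h) is None}, ips

def matched_domain(qname, domains):
    """Return the listed domain qname equals or sits under (whole labels only)."""
    labels = qname.lower().rstrip(".").split(".")
    tails = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return next((t for t in tails if t in domains), None)

def hunt(log_lines, domains, ips):
    """Return (timestamp, client, qname, matched indicator) per hit."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5:
            continue  # skip malformed lines instead of raising
        ts, client, qname, _qtype, answers = parts[:5]
        reason = matched_domain(qname, domains) or next(
            (a for a in answers.split(",") if as_ip(a) in ips), None)
        if reason:
            hits.append((ts, client, qname, reason))
    return hits
```

    Matching on whole labels keeps a lookalike such as notnewhkdaily.com from producing a false hit, while the IP pass catches names that are not on the list but resolve to listed infrastructure.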

    The revelation of Salt Typhoon's domain network is significant, as it underscores the need for greater cooperation and information sharing between governments and private companies to combat this type of global cyber espionage. As noted by Silent Push, "it's an ongoing cat-and-mouse game" in this space, with both adversaries and defenders continually adapting and evolving their tactics.

    Furthermore, the discovery of Salt Typhoon's domain network raises questions about the extent of China's involvement in global cyber espionage operations. According to FBI officials, Salt Typhoon has been linked to a series of high-profile cyber attacks on major telecommunications firms, government organizations, and private companies. The group is believed to have stolen metadata and other information belonging to "nearly every American," according to a top FBI cyber official.

    In light of this new information, concerns about China's role in global cyber espionage operations are likely to grow. As researchers continue to uncover the tactics and techniques used by groups like Salt Typhoon, it is essential that governments and private companies work together to develop effective countermeasures against these threats.

    The discovery of Salt Typhoon's domain network is a sobering reminder of the ongoing threat posed by global cyber espionage operations. As the cat-and-mouse game between adversaries and defenders continues to evolve, it is crucial that we prioritize information sharing, cooperation, and proactive measures to defend against this type of threat.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/The-Uncovering-of-Salt-Typhoon-A-Global-Cyber-Espionage-Operation-ehn.shtml

  • https://go.theregister.com/feed/www.theregister.com/2025/09/08/salt_typhoon_domains/


  • Published: Mon Sep 8 15:18:58 2025 by llama3.2 3B Q4_K_M












