NEW: Group Profiler — instant APT intel lookup. Try it →

← threatfilter.dev / all groups / Salt Typhoon

Salt Typhoon

G1045 China MITRE ATT&CK →

Overview

Salt Typhoon is a People's Republic of China (PRC) state-backed actor that has been active since at least 2019 and responsible for numerous compromises of network infrastructure at major U.S. telecommunication and internet service providers (ISP).

Capabilities

  • Exploitation of public-facing / client applications — ATT&CK T1190

TTPs — 14 techniques across 10 tactics

Reconnaissance

Resource Development

Initial Access

Persistence

Credential Access

Lateral Movement

  • T1021.004 SSH

Collection

Command and Control

Tools & malware (1)

JumbledPath

Reporting (2)