Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack
A cyber intrusion by China-linked group Salt Typhoon has been observed targeting global infrastructure via DLL sideloading.
A cyber intrusion linked to the China-based group Salt Typhoon has been identified by cybersecurity researchers, involving the exploitation of a Citrix NetScaler Gateway vulnerability.
The operation, observed by Darktrace, involved advanced methods such as DLL sideloading and zero-day exploits – known techniques the group uses to infiltrate systems while avoiding standard detection measures.
- Salt Typhoon, also known as Earth Estries, GhostEmperor and UNC2286, has been active since at least 2019.
- The group is associated with a series of high-impact cyber campaigns directed at critical sectors, including telecommunications, energy and government systems, across more than 80 countries.
While the United States has been a frequent target, recent activity shows a broader reach across Europe, the Middle East and Africa.
Author's summary: China-linked group Salt Typhoon launches global cyber-attack.