The report by CrowdStrike reveals the advanced techniques used by the Chinese threat actor Salt Typhoon (LIMINAL PANDA) in targeting telecommunications companies. The group's methods included compromising an eDNS server through SSH password spraying, avoiding detection by focusing on non-Windows environments, and using minimal tools such as the PingPong malware for persistence. Salt Typhoon also blended into network traffic using emulation tools and established multiple backdoors to maintain long-term operations across various networks.