
"Salt Typhoon is an espionage gang linked to the People's Republic of China that hacked America's major telecommunications firms and stole metadata and other information belonging to "nearly every American," according to a top FBI cyber official who spoke with The Register about the intrusions. The crew's actions against US telcos came to light last year; however, it has been active since at least 2019."
"In the European telco intrusion described by Darktrace, the suspected spies exploited a buggy Citrix NetScaler Gateway appliance in the first week of July 2025 to gain access to the telecom's network, according to the AI-powered security shop's research team. While Darktrace doesn't say which flaw(s) the suspected Chinese snoops abused to break in, Citrix had a busy summer patching security holes in its NetScaler Gateway products that had already been found and exploited by attackers."
Salt Typhoon appears to have successfully attacked a European telecommunications firm. Salt Typhoon is an espionage gang linked to the People's Republic of China that previously hacked major American telecommunications firms and stole metadata and other information belonging to nearly every American. The group has been active since at least 2019, employing tactics such as exploiting edge devices, planting backdoors for stealthy long-term network access, and exfiltrating sensitive data across more than 80 countries. In the suspected European intrusion, the attackers exploited a buggy Citrix NetScaler Gateway appliance in the first week of July 2025 to gain access to the telecom's network. Citrix patched multiple NetScaler flaws in June and August, including CVE-2025-6543 and CVE-2025-5777 (CitrixBleed 2), with some added to CISA's Known Exploited Vulnerabilities catalog.
Read at Theregister