International coalition exposes Chinese APTs and puts Salt Typhoon in the spotlight

28.08.2025 2 minutes Author: Newsman

More than a dozen intelligence and law enforcement agencies from around the world have issued a joint warning about the activities of Chinese cyber groups, among which Salt Typhoon has been named the most dangerous. The document reveals attack methods and provides recommendations for protecting critical infrastructure.

The joint cybersecurity guidance, titled *“Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System,”* provides a detailed description of the tactics and techniques of Chinese APT groups. It notes that they successfully exploit both known vulnerabilities (CVEs) and configuration flaws to penetrate networks around the world.

Telecommunications companies, government agencies, the transportation and hospitality sectors, and even military infrastructure have been hit. The attackers focus on manipulating core and edge routers, which allows them to persist in networks for a long time and transmit data unnoticed.

In addition to Salt Typhoon, the document identifies groups such as OPERATOR PANDA, RedMike, UNC5807 and GhostEmperor. They have similar methods: initial penetration, lateral movement in the network, data collection, and exfiltration.

The international coalition includes the United States, Australia, Canada, the United Kingdom and New Zealand (the Five Eyes alliance), as well as Germany, Italy, the Netherlands, Japan, the Czech Republic, Spain, Poland and Finland. The document specifically names three Chinese companies that the authors say provide services used for espionage:

  • Sichuan Juxinhe Network Technology

  • Beijing Huanyu Tianqiong Information Technology

  • Sichuan Zhixin Ruijie Network Technology

The US has already imposed sanctions on Sichuan Juxinhe due to its links to the Salt Typhoon attacks, which in 2024 affected nine US telecommunications companies, the US Treasury Department and even the Trump campaign headquarters. In total, the laptops of White House officials and the email accounts of hundreds of banking regulators were hacked.

 

The international warning confirms that Chinese state-sponsored APT groups pose a systemic threat to global cybersecurity. States and private companies are advised to closely monitor for signs of network compromise, especially in the telecommunications sector, and to strengthen protection against known vulnerabilities.
