A cyber intrusion by China-linked group Salt Typhoon has been observed targeting global infrastructure via DLL sideloading.
Cybersecurity researchers have identified a cyber intrusion linked to the China-based group Salt Typhoon that involved the exploitation of a Citrix NetScaler Gateway vulnerability.
The operation, observed by Darktrace, involved advanced methods such as DLL sideloading and zero-day exploits, known techniques the group uses to infiltrate systems while avoiding standard detection measures.
Salt Typhoon, also known as Earth Estries, GhostEmperor and UNC2286, has been active since at least 2019.
Author summary: Salt Typhoon targets global infrastructure via Citrix flaw.