Salt Typhoon
MITRE G1013
Reports
8
First seen
Jul 23
Last seen
Jun 10
Motivation
espionage, espionage, lawful intercept access
Targeting
Sectors
telecommunications ×1other ×1government ×1
Victim regions
United Kingdom ×1United States ×1
Top ATT&CK techniques
T1190 Exploit Public-Facing Application ×7T1566 Phishing ×5T1078 Valid Accounts ×3T1486 Data Encrypted for Impact ×3T1047 Windows Management Instrumentation ×2T1598 Phishing for Information ×2T1195 Supply Chain Compromise ×2T1021 Remote Services ×2T1110 Brute Force ×2T1041 Exfiltration Over C2 Channel ×2T1003 OS Credential Dumping ×2T1005 Data from Local System ×2
Indicators
cve ×29domain ×9filename ×8url ×3email ×1ip_v4 ×1
Indicator values are available on Pro and via the API.
Associated CVEs
CVE-2026-20045 (exploited)CVE-2021-26829 (exploited)CVE-2021-26855 (exploited)CVE-2021-26857 (exploited)CVE-2021-26858 (exploited)CVE-2021-27065 (exploited)CVE-2021-43798 (exploited)CVE-2023-2868 (exploited)CVE-2023-3519 (exploited)CVE-2023-7102 (exploited)CVE-2024-3400 (exploited)CVE-2025-0282 (exploited)CVE-2025-12825 (exploited)CVE-2025-25257 (exploited)CVE-2025-26399 (exploited)CVE-2025-27915 (exploited)CVE-2025-38067 (exploited)CVE-2025-41244 (exploited)CVE-2025-53690 (exploited)CVE-2025-61882 (exploited)
Recent reports
High