← Back to Actors
Salt Typhoon
Salt Typhoon
[Salt Typhoon](https://attack.mitre.org/groups/G1045) is a People's Republic of China (PRC) state-backed actor that has been active since at least 2019 and responsible for numerous compromises of network infrastructure at major U.S. telecommunication and internet service providers (ISP).(Citation: US Dept. of Treasury Salt Typhoon JAN 2025)(Citation: Cisco Salt Typhoon FEB 2025)
14
Techniques
13
Covered
1
Gaps
93%
Coverage
Coverage13/14
GAPS (1)
COVERED (13)
T1021.004SSH31 det.T1040Network Sniffing15 det.T1048.003Exfiltration Over Unencrypted Non-C2 Protocol20 det.T1070.002Clear Linux or Mac System Logs8 det.T1098.004SSH Authorized Keys12 det.T1110.002Password Cracking2 det.T1136Create Account32 det.T1190Exploit Public-Facing Application208 det.T1562.004Disable or Modify System Firewall45 det.T1572Protocol Tunneling51 det.T1587.001Malware9 det.T1588.002Tool13 det.T1602.002Network Device Configuration Dump1 det.