← Back to Actors
Salt Typhoon
Salt Typhoon
[Salt Typhoon](https://attack.mitre.org/groups/G1045) is a People's Republic of China (PRC) state-backed actor that has been active since at least 2019 and responsible for numerous compromises of network infrastructure at major U.S. telecommunication and internet service providers (ISP).(Citation: US Dept. of Treasury Salt Typhoon JAN 2025)(Citation: Cisco Salt Typhoon FEB 2025)
16
Techniques
15
Covered
1
Gaps
94%
Coverage
Coverage15/16
GAPS (1)
COVERED (15)
T1021.004SSH34 det.T1040Network Sniffing15 det.T1048.003Exfiltration Over Unencrypted Non-C2 Protocol21 det.T1070.002Clear Linux or Mac System Logs8 det.T1098.004SSH Authorized Keys12 det.T1110.002Password Cracking2 det.T1136Create Account38 det.T1190Exploit Public-Facing Application216 det.T1562.004Disable or Modify System Firewall48 det.T1572Protocol Tunneling56 det.T1587.001Malware10 det.T1588.002Tool13 det.T1602.002Network Device Configuration Dump1 det.T1685.006Clear Linux or Mac System Logs4 det.T1686Disable or Modify System Firewall19 det.