{"id":59254,"date":"2025-08-28T07:32:12","date_gmt":"2025-08-28T07:32:12","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/"},"modified":"2025-08-28T07:32:12","modified_gmt":"2025-08-28T07:32:12","slug":"if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/","title":{"rendered":"If you thought China&#8217;s Salt Typhoon was booted off critical networks, think again"},"content":{"rendered":"<p>China&#8217;s Salt Typhoon cyberspies continue their years-long hacking campaign targeting critical industries around the world, according to a joint security alert from cyber and law enforcement agencies across 13 countries.<\/p>\n<p>The USA\u2019s FBI and CISA first alerted the public about Salt Typhoon&#8217;s &#8220;<a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/11\/14\/salt_typhoon_hacked_multiple_telecom\/\">significant cyber espionage campaign<\/a>&#8221; late last year, and later warned the Chinese snoops&#8217; telco intrusions allowed them to geo-locate millions of subscribers, monitor their internet traffic, and &#8220;<a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/12\/09\/white_house_salt_typhoon\/\">record their phone calls<\/a> \u2013 with victims reportedly including &#8220;<a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/02\/25\/china_hacked_gop_emails\/\">President Donald Trump and Vice President JD Vance<\/a>.\u201d<\/p>\n<p>It now appears that the hacking activities extended far beyond <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/01\/06\/charter_consolidated_windstream_salt_typhoon\/\">American telecommunications<\/a> and <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/01\/15\/salt_typhoon_us_govt_networks\/\">federal networks<\/a>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;Active since at least 2019, these actors conducted a significant cyber-espionage campaign, breaching global telecommunications privacy and security norms,&#8221; FBI cyber division boss Brett Leatherman said on Wednesday in a <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.fbi.gov\/video-repository\/salttyphoon082725.mp4\/view\">video message<\/a> announcing the joint advisory.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>Earlier in the day, Leatherman told media outlets that Salt Typhoon targeted more than <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.wsj.com\/politics\/national-security\/chinese-spies-hit-more-than-80-countries-in-salt-typhoon-breach-fbi-reveals-59b2108f?\">600 organizations<\/a> across <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.washingtonpost.com\/technology\/2025\/08\/27\/fbi-advisory-china-hacking-expansion\/\">80 countries<\/a>.<\/p>\n<p>The <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/media.defense.gov\/2025\/Aug\/22\/2003786665\/-1\/-1\/0\/CSA_COUNTERING_CHINA_STATE_ACTORS_COMPROMISE_OF_NETWORKS.PDF\">37-page advisory<\/a> includes indicators of compromise associated with Chinese government spies seen as recently as June, and says targeted sectors include, but are not limited to telecommunications, government, transportation, lodging, and military infrastructure networks.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,dmpu,\" data-sm=\",fluid,mpu,dmpu,\" data-md=\",fluid,mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;While these actors focus on large backbone routers of major telecommunications providers, as well as provider edge (PE) and customer edge (CE) routers, they also leverage compromised devices and trusted connections to pivot into other networks,&#8221; the US and its allies warned. &#8220;These actors often modify routers to maintain persistent, long-term access to networks.&#8221;<\/p>\n<blockquote class=\"pullquote\" readability=\"7\">\n<p>Salt Typhoon is a persistent actor. Even if one method of access is thwarted, they are going to keep trying to get in<\/p>\n<\/blockquote>\n<p>The international coalition also called out three China-based entities affiliated with Salt Typhoon \u2013 Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology \u2013 that it accused of providing cyber products and services to China&#8217;s Ministry of State Security and People&#8217;s Liberation Army.<\/p>\n<p>In January, the US issued &#8220;<a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/01\/17\/fcc_telcos_calea\/\">sanctions<\/a> on one of the three, Sichuan Juxinhe Network Technology, which it said was affiliated with Salt Typhoon.<\/p>\n<p>The advisory lists CVEs that Salt Typhoon commonly exploits to gain initial access. These include:<\/p>\n<blockquote>\n<ul>\n<li><a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/06\/25\/cisa_ivanti_chemical_facilities\/\">CVE-2024-21887<\/a> \u2013 Ivanti Connect Secure and Ivanti Policy Secure web-component command injection vulneraspithobility, commonly chained with an authentication bypass bug tracked as CVE-2023-46805.<\/li>\n<li><a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/04\/12\/palo_alto_pan_flaw\/\">CVE-2024-3400<\/a> \u2013 Palo Alto Networks PAN-OS GlobalProtect arbitrary file creation leading to OS command injection. The CVE allows for unauthenticated remote code execution (RCE) on firewalls when GlobalProtect is enabled on specific versions\/configurations.<\/li>\n<li><a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/02\/13\/salt_typhoon_pwned_7_more\/\">CVE-2023-20273<\/a> \u2013 Cisco Internetworking Operating System (IOS) XE software web management user interface post-authentication command injection\/privilege escalation (commonly chained with CVE-2023-20198 for initial access to achieve code execution as root)<\/li>\n<li><a target=\"_blank\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-iosxe-webui-privesc-j22SaA4ze\">CVE-2023-20198<\/a> \u2013 Cisco IOS XE web user interface authentication bypass vulnerability<\/li>\n<li><a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/08\/20\/russian_fsb_cyberspies_exploiting_cisco_bug\/\">CVE-2018-0171<\/a> \u2013 Cisco IOS and IOS XE smart install remote code execution vulnerability<\/li>\n<\/ul>\n<\/blockquote>\n<p>So network defenders should prioritize patching these, if you haven&#8217;t already done so.<\/p>\n<p>It also describes tools and techniques that Salt Typhoon uses to maintain network persistence, move laterally across devices, capture traffic containing credentials, and abuse peering connections to steal sensitive information.<\/p>\n<p>In addition to the four US agencies (FBI, CISA, National Security Agency, and Department of Defense Cyber Crime Center), the UK&#8217;s National Cyber Security Centre plus government agencies in Australia, Canada, New Zealand, the Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain also co-issued the security alert.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>&#8220;Wow, that is a lot of seals on the alert,&#8221; Annie Fixler, director of the Center on Cyber and Technology Innovation at the national security think tank Foundation for Defense of Democracies, told <em>The Register<\/em>.<\/p>\n<p>&#8220;This type of joint alert from so many partners speaks to the importance of the information and the level of confidence in the attribution,&#8221; she continued. It is an important signal that the United States and its partners are united in their concerns about malicious Chinese state-sponsored cyber operations.&#8221;<\/p>\n<p>It also indicates that any claims of successfully booting the snoops off of networks &#8220;should always be viewed with at least some skepticism,&#8221; Fixler added. &#8220;In the case of Salt Typhoon, given the longevity and sophistication of the penetration, a healthy dose of skepticism is necessary to any claims of quick fixes. Salt Typhoon is a persistent actor. Even if one method of access is thwarted, they are going to keep trying to get in.&#8221;<\/p>\n<p>Google&#8217;s Mandiant incident response team was <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2025\/07\/25\/senator_mandiant_salt_typhoon_demands\/\">part of the clean-up crew<\/a> called in to help telco companies globally rid their networks of Salt Typhoon.<\/p>\n<p>&#8220;Though there are many Chinese cyber espionage actors regularly targeting the sector, this actor&#8217;s familiarity with telecommunications systems gives them a unique advantage, especially when it comes to evading detection,&#8221; Google Threat Intelligence Group chief analyst John Hultquist told <em>The Register<\/em>.<\/p>\n<p>&#8220;In addition to targeting telecommunications, reported targeting of hospitality and transportation by this actor could be used to closely surveil individuals,&#8221; he said. &#8220;Information from these sectors can be used to develop a full picture of who someone is talking to, where they are, and where they are going.&#8221;<\/p>\n<p>In addition to the international governments&#8217; joint alert, CrowdStrike researchers late last week <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.crowdstrike.com\/en-us\/blog\/murky-panda-trusted-relationship-threat-in-cloud\/\">warned that Salt Typhoon<\/a> (it tracks this crew as Murky Panda) has escalated its cyberespionage across government, tech, academic, legal and professional services in North America over the first half of 2025.<\/p>\n<p>A CrowdStrike spokesperson told <em>The Register<\/em> that the security shop has documented over a dozen cases of hacking activity attributed to this group since late spring. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2025\/08\/28\/china_salt_typhoon_alert\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>13 governments sound the alarm about ongoing unpleasantness China&#8217;s Salt Typhoon cyberspies continue their years-long hacking campaign targeting critical industries around the world, according to a joint security alert from cyber and law enforcement agencies across 13 countries.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-59254","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>If you thought China&#039;s Salt Typhoon was booted off critical networks, think again 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"If you thought China&#039;s Salt Typhoon was booted off critical networks, think again 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-28T07:32:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"If you thought China&#8217;s Salt Typhoon was booted off critical networks, think again\",\"datePublished\":\"2025-08-28T07:32:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/\"},\"wordCount\":924,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/\",\"name\":\"If you thought China's Salt Typhoon was booted off critical networks, think again 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2025-08-28T07:32:12+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"If you thought China&#8217;s Salt Typhoon was booted off critical networks, think again\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"If you thought China's Salt Typhoon was booted off critical networks, think again 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/","og_locale":"en_US","og_type":"article","og_title":"If you thought China's Salt Typhoon was booted off critical networks, think again 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2025-08-28T07:32:12+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"If you thought China&#8217;s Salt Typhoon was booted off critical networks, think again","datePublished":"2025-08-28T07:32:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/"},"wordCount":924,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/","url":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/","name":"If you thought China's Salt Typhoon was booted off critical networks, think again 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2025-08-28T07:32:12+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/cybercrime&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2aLAuBmUUjSyVQaaZ4fnquAAAAIY&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/if-you-thought-chinas-salt-typhoon-was-booted-off-critical-networks-think-again\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"If you thought China&#8217;s Salt Typhoon was booted off critical networks, think again"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59254","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=59254"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59254\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=59254"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=59254"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=59254"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}