
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,860 of 2,445   
   Mike Powell to All   
   Notorious Chinese hacking   
   21 Oct 25 09:55:43   
   
   TZUTC: -0500   
   MSGID: 1617.consprcy@1:2320/105 2d5cdb40   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Notorious Chinese hacking group Salt Typhoon found lurking in European comms   
   networks   
      
   Date:   
   Tue, 21 Oct 2025 13:06:00 +0000   
      
   Description:   
   Salt Typhoon has its sights set on European Telecoms firm.   
      
   FULL STORY   
      
   Notorious Chinese hacking group Salt Typhoon has been once again linked to   
   intrusions against telecommunications firms - this time in Europe.    
      
   A new report from Darktrace claims the group has been observed, "targeting   
   global infrastructure using stealthy techniques such as DLL sideloading and   
   zero-day exploits."    
      
   The early stage intrusion activity detected mirrors previous Salt Typhoon   
   tactics, such as the prolific attacks on up to 8 different telecom   
   organizations in a far reaching and potent multi-year campaign which resulted   
   in the group stealing information from millions of American telecom customers   
   using a high severity Cisco flaw to gain access and eventually collect    
   traffic from the networks devices were connected to.   
      
   DLL side-loading    
      
   In the latest incident, Darktrace assessed with moderate confidence that Salt   
   Typhoon abused legitimate tools with stealth and persistence - exploiting a   
   Citrix NetScaler Gateway appliance to obtain initial access.    
      
   From there, the criminals deployed Snappybee malware, also known as Deed RAT,   
   which is launched using a technique called DLL side-loading - another tactic   
   commonly used by Chinese threat actors.    
      
   The backdoor was delivered to these internal endpoints as a DLL alongside   
   legitimate executable files for antivirus software such as Norton Antivirus,   
   Bkav Antivirus, and IObit Malware Fighter, Darktrace explained.    
      
   This pattern of activity indicates that the attacker relied on DLL   
   side-loading via legitimate antivirus software to execute their payloads.    
   Salt Typhoon and similar groups have a history of employing this technique,   
   enabling them to execute payloads under the guise of trusted software and   
   bypassing traditional security controls.    
      
   Darktrace says the intrusion was identified and remediated before it could   
   escalate beyond the early stages of attack - neutralizing the threat.    
      
   This highlights the vital importance of proactive, anomaly-based defense and   
   detection above the more traditional signature-based methods, especially    
   given the rise in persistent, state sponsored threat actors.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/notorious-chinese-hacking-group-salt-typhoon-found-lurking-in-european-comms-networks   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca