The Persistent Threat of Salt Typhoon: Tracking Exposures of Potentially Targeted Devices

SUMMARY :

Salt Typhoon, a Chinese state-sponsored threat actor, has been targeting major telecommunications providers worldwide by exploiting vulnerabilities in network devices. This analysis tracks global exposures of internet-facing devices associated with Salt Typhoon activity over six months, including Sophos Firewalls, Cisco IOS XE WebUIs, Ivanti Connect Secure, and Fortinet FortiClient EMS systems. Overall combined exposure decreased by 25%, with Sophos Firewall interfaces showing the largest reduction. Cisco IOS XE was the only platform with increased exposure. Geographically, most exposures remain concentrated in the United States, except for Sophos XG Firewall exposures in Germany. The persistence of exposed devices raises questions about remediation efforts and organizational responses to these threats.

OPENCTI LABELS :

cve-2024-21887,cve-2023-46805,shadowpad,network devices,telecommunications,vulnerability exploitation,cve-2023-48788,cve-2022-3236,masol rat,ivanti connect secure,chinese state-sponsored,cve-2023-20198,sophos firewall,cve-2023-20273,cisco ios xe,exposure tracking,fortinet forticlient ems


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


The Persistent Threat of Salt Typhoon: Tracking Exposures of Potentially Targeted Devices