[May-18-2025] Daily Cybersecurity Threat Report

Executive Summary:

This report provides an analysis of significant cybersecurity incidents that have occurred within the last 24 hours. The incidents highlight a range of threats, from data breaches affecting various sectors to initial access offerings and website defacements. The observed trends indicate a persistent and evolving threat landscape, demanding proactive security measures and robust incident response capabilities. Understanding the tactics, techniques, and procedures (TTPs) of the involved threat actors and the potential impact of these breaches is crucial for organizations to strengthen their defenses and mitigate future risks. This report aims to provide a timely and comprehensive overview of these incidents, offering insights into the threat actors, potential impacts, and actionable recommendations.

Detailed Incident Analysis:

This section provides a detailed breakdown of each reported cybersecurity incident. The analysis incorporates information extracted from the provided data and supplemented by external research to offer a comprehensive understanding of the events.

Table 1: Summary of Cybersecurity Incidents

| Incident ID | Affected Entity | Date of Incident | Type of Attack | Suspected Threat Actor(s) | Published URL | Number of Screenshot URLs |
|---|---|---|---|---|---|---|
| Incident 1 | ELEARNNET | 2025-05-18T12:43:25Z | Data Breach | Team 1722 | https://t.me/x1722x/2572 | 1 |
| Incident 2 | Shandong Wolun Communication Technology Co., Ltd. | 2025-05-18T12:32:17Z | Data Breach | elpatron85 | https://darkforums.st/Thread-Chinese-ID-Cards-sdwolun-com-Data | 1 |
| Incident 3 | kfp-ins.co.kr | 2025-05-18T11:29:02Z | Data Breach | Team 1722 | https://t.me/x1722x/2571 | 1 |
| Incident 4 | AT&T | 2025-05-18T11:24:51Z | Data Breach | KrimCo | https://xss.is/threads/137917/ | 1 |
| Incident 5 | Medik’ West Indies | 2025-05-18T11:01:17Z | Data Breach | Black Lotus | https://t.me/voidlotus/201 | 1 |
| Incident 6 | Unidentified U.S. organization (~$16M revenue) | 2025-05-18T10:42:49Z | Initial Access | BenjaminFranklin | https://forum.exploit.in/topic/259319/ | 1 |
| Incident 7 | Ministry of National Defence of Vietnam | 2025-05-18T10:38:56Z | Data Breach | Devil120 | https://demonforums.net/Thread-The-Ministry-of-National-Defense-mod-gov-vn-NavyVietnam | 1 |
| Incident 8 | Ministry of National Defence of Vietnam | 2025-05-18T10:12:08Z | Data Breach | Jack_back | https://darkforums.st/Thread-The-Ministry-of-National-Defense-mod-gov-vn-NavyVietnam | 1 |
| Incident 9 | FTS Bags | 2025-05-18T07:59:55Z | Defacement | NKRI EROR SYSTEM | https://t.me/nkrierorsystem/33 | 1 |
| Incident 10 | US bank | 2025-05-18T06:31:54Z | Data Breach | Jack_back | https://darkforums.st/Thread-USA-BANK-2025-DB | 1 |
| Incident 11 | Ashoka Trust for Research in Ecology and the Environment | 2025-05-18T06:24:21Z | Data Leak | syn1 | https://darkforums.st/Thread-Selling-Ashoka-Trust-for-Research-in-Ecology-and-the-Environment–10797 | 1 |
| Incident 12 | Unidentified US Magento store | 2025-05-18T06:19:15Z | Initial Access | shellshop | https://forum.exploit.in/topic/259316/ | 1 |
| Incident 13 | Credit card information from Italy | 2025-05-18T05:44:53Z | Data Leak | bondiana28 | https://forum.exploit.in/topic/259313/ | 1 |
| Incident 14 | Bankcitra | 2025-05-18T05:23:17Z | Defacement | NKRI EROR SYSTEM | https://t.me/nkrierorsystem/31 | 1 |
| Incident 15 | Alleged Chinese government hacking group | 2025-05-18T04:45:08Z | Data Leak | ChinaBob | https://darkforums.st/Thread-Selling-Chinese-government-hacking-group%E2%80%A8-Salt-Typhoon-Banking-Data-Internal-Files | 1 |
| Incident 16 | Unidentified shop in Ireland | 2025-05-18T02:42:58Z | Initial Access | Fordnox | https://forum.exploit.in/topic/259312/ | 1 |
| Incident 17 | Unidentified shop in the USA | 2025-05-18T02:40:14Z | Initial Access | Fordnox | https://forum.exploit.in/topic/259311/ | 1 |
| Incident 18 | Credit card information from France | 2025-05-18T02:33:58Z | Data Leak | Jorozuro202 | https://forum.exploit.in/topic/259309/ | 1 |
| Incident 19 | Small and Medium Enterprise Foundation (SME Foundation) | 2025-05-18T00:46:49Z | Data Breach | GARUDA ERROR SYSTEM | https://t.me/GarudaHacktivis/413 | 1 |

Incident 1:

Incident Overview:

The threat actor claims to have breached the data of ELEARNNET [Incident 1].

Threat Actor Analysis:

The threat actor involved in this incident is known as Team 1722. This group identifies as an autonomous cybersecurity team with motivations rooted in Kurdish society, claiming their activities are not illegal and respect the laws of the Kurdistan Region [1]. However, they have been observed targeting organizations globally, including South Korea, and have warned of future attacks on entities in Iran, Turkey, Italy, Japan, India, Europe, and Arab countries [1]. Team 1722 has claimed responsibility for defacing the website of the Wheelchair Rehabilitation Culture Promotion Association and leaking data from Global Scout, a South Korean headhunting firm [1]. Their stated purpose is to protest against corruption, oppression, economic waste, and corrupt education systems [1]. While they describe themselves as hacktivists, their actions involve data breaches and website defacements [1].

Incident 2:

Incident Overview:

A threat actor claims to have leaked 355MB of data from Shandong Wolun Communication Technology Co., Ltd., reportedly including names, Chinese ID cards, company ID numbers, mobile numbers, emails, and more [Incident 2]. The alleged leak pertains to data from the year 2024.

Threat Actor Analysis:

The threat actor is identified as “elpatron85”. Currently, there is no specific information available about this threat actor in the provided research material.

Incident 3:

Incident Overview:

The threat actor claims to have breached the data of kfp-ins.co.kr [Incident 3].

Threat Actor Analysis:

The threat actor involved in this incident is Team 1722. As detailed in Incident 1, this group has a history of targeting South Korean organizations with website hacks and data breaches [1].

Incident 4:

Incident Overview:

A threat actor claims to have leaked data from 70 million AT&T customer records. The exposed information reportedly includes names, phone numbers, Social Security Numbers (SSNs), dates of birth, email addresses, and physical addresses [Incident 4]. The alleged leak pertains to data from the year 2024.

Threat Actor Analysis:

The threat actor is identified as “KrimCo”. Currently, there is no specific information available about this threat actor in the provided research material.

Incident 5:

Incident Overview:

The threat actor claims to have leaked data from Medik’ West Indies. The compromised data reportedly includes user ID, email address, full name, message subject, full message, etc. [Incident 5].

Threat Actor Analysis:

The threat actor is identified as “Black Lotus”. This name is associated with a sophisticated UEFI bootkit malware that can bypass Secure Boot defenses on Windows systems [3]. BlackLotus has been available on hacking forums since at least October 2022 and requires administrative or physical access to the target device for initial deployment [4]. It can disable OS security mechanisms and establish persistence [3]. While the malware itself is significant, the research material does not explicitly link the “Black Lotus” threat actor in this incident to the bootkit. “Black Lotus Labs” is also the name of the threat research and operations arm of Lumen Technologies [7].

Incident 6:

Incident Overview:

The threat actor claims to be selling RDP user access to a U.S. organization (~$16M revenue), protected only by Windows Defender [Incident 6].

Threat Actor Analysis:

The threat actor is identified as “BenjaminFranklin”. While Benjamin Franklin was a historical figure known for his wisdom [11], in the context of cybersecurity this name might be used as an alias. The research material does not provide specific details about a threat actor using this name. However, the saying “an ounce of prevention is worth a pound of cure”, attributed to Benjamin Franklin, is relevant to cybersecurity [17].

Incident 7:

Incident Overview:

The threat actor claims to be selling a database of the Ministry of National Defence of Vietnam [Incident 7].

Threat Actor Analysis:

The threat actor is identified as “Devil120”. Currently, there is no specific information available about this threat actor in the provided research material.

Incident 8:

Incident Overview:

A threat actor claims to have leaked data from the Ministry of National Defence of Vietnam. The exposed data reportedly includes identity numbers, full names, dates of birth, gender, nationality, place of origin, residence, and expiry dates [Incident 8]. This incident is noted to be a re-breach, as the same ministry was allegedly targeted by “G_fuck” on March 4, 2025.

Threat Actor Analysis:

The threat actor is identified as “Jack_back”. This could be an alias. The research material contains references to “Jack” in various contexts [19], but none directly link to a threat actor using the full name “Jack_back”.

Incident 9:

Incident Overview:

The group claims to have defaced the website of FTS Bags [Incident 9].

Threat Actor Analysis:

The threat actor is identified as “NKRI EROR SYSTEM”. This group is known for website defacements [25]. Website defacement involves gaining unauthorized access to a website and altering its visual appearance or content, often to display political messages or claim credit for the attack [27].

Incident 10:

Incident Overview:

The threat actor claims to have breached the data of a US bank with records of 51 million individuals. The data reportedly consists of name, address, city, email, phone number, account type, etc. [Incident 10].

Threat Actor Analysis:

The threat actor is identified as “Jack_back”. As mentioned in Incident 8, the research material does not provide specific details about a threat actor using this name.

Incident 11:

Incident Overview:

The threat actor claims to be selling root credentials for 5 internal servers and admin credentials for an internal portal for Ashoka Trust for Research in Ecology and the Environment [Incident 11].

Threat Actor Analysis:

The threat actor is identified as “syn1”. This could be an alias. The research material contains references to “syn” in the context of SYN attacks and SYN cookies [32], and “SYN1” in the context of neuronal functions [33]. However, none of these directly link to a threat actor using the alias “syn1”.

Incident 12:

Incident Overview:

The threat actor is offering to sell access to a Magento-based online shop located in the USA [Incident 12].

Threat Actor Analysis:

The threat actor is identified as “shellshop”. This name suggests a threat actor involved in selling access or “shells” to compromised systems, particularly online shops. The research material contains information about web shells, which are malicious scripts used to gain persistent remote access to web servers [35]. Threat actors often exploit vulnerabilities in web applications to deploy web shells [35].

Incident 13:

Incident Overview:

The threat actor is offering to sell 400 credit card records from Italy, advertised as high quality. The advertised format includes card number, expiry date, CVV, first name, last name, country, state, city, address, zip code, and more [Incident 13].

Threat Actor Analysis:

The threat actor is identified as “bondiana28”. Currently, there is no specific information available about this threat actor in the provided research material.

Incident 14:

Incident Overview:

The group claims to have defaced the website of Bankcitra [Incident 14].

Threat Actor Analysis:

The threat actor is identified as “NKRI EROR SYSTEM”. As detailed in Incident 9, this group is known for website defacements [25].

Incident 15:

Incident Overview:

The threat actor claims to be selling stolen data allegedly originating from Chinese government-affiliated hacking groups referred to as Salt Typhoon. The leaked content includes sensitive employee records, banking and financial data, internal files, router configurations with passwords, and chat logs of employees and officials under investigation. Samples provided include employee personal details, router login credentials, and banking transaction data between government customers [Incident 15].

Threat Actor Analysis:

The threat actor is identified as “ChinaBob”. This alias suggests a connection to Chinese threat actors. The mention of “Salt Typhoon” is significant. Salt Typhoon is an advanced persistent threat actor believed to be operated by China’s Ministry of State Security (MSS) [11]. This group has been involved in high-profile cyber espionage campaigns, particularly targeting the United States, with a focus on counterintelligence and data theft [42]. They have compromised numerous U.S. telecommunications companies and have been known to exploit vulnerabilities in network devices like Cisco routers [42].

Incident 16:

Incident Overview:

A threat actor is offering to sell unauthorized WordPress access to an unidentified shop in Ireland [Incident 16].

Threat Actor Analysis:

The threat actor is identified as “Fordnox”. Currently, there is no specific information available about this threat actor in the provided research material.

Incident 17:

Incident Overview:

A threat actor is offering to sell unauthorized WordPress access to an unidentified shop in the USA [Incident 17].

Threat Actor Analysis:

The threat actor is identified as “Fordnox”. Currently, there is no specific information available about this threat actor in the provided research material.

Incident 18:

Incident Overview:

The threat actor is offering to sell 500 credit card records from France, advertised as high quality. The advertised format includes full name, card number, expiry month/year, 3-digit CVC, full address, state, city, zip, phone, and more [Incident 18].

Threat Actor Analysis:

The threat actor is identified as “Jorozuro202”. Currently, there is no specific information available about this threat actor in the provided research material.

Incident 19:

Incident Overview:

The group claims to have leaked the database of Small and Medium Enterprise Foundation (SME Foundation) [Incident 19].

Threat Actor Analysis:

The threat actor is identified as “GARUDA ERROR SYSTEM”. Currently, there is no specific information available about this threat actor in the provided research material.

Trends and Observations:

The incidents reported within the last 24 hours reveal several noteworthy trends in the current cybersecurity landscape. Data breaches continue to be a prevalent threat, affecting organizations across various sectors and geographies. The targeting of educational institutions (ELEARNNET), telecommunications companies (Shandong Wolun, AT&T), and government entities (Ministry of National Defence of Vietnam) highlights the diverse nature of victims. The sale of initial access to organizations and online shops indicates a thriving cybercriminal ecosystem where threat actors specialize in different stages of an attack. Website defacements, claimed by groups like NKRI EROR SYSTEM, are often used for hacktivism or to gain notoriety. The alleged involvement of a Chinese government-affiliated group (Salt Typhoon) in a data leak underscores the persistent threat posed by nation-state actors. The repeated targeting of the Ministry of National Defence of Vietnam suggests a potential focus on this entity by multiple threat actors.

Table 2: Threat Actor Profiles

| Threat Actor Name | Known TTPs | Likely Motivations | Industries Targeted (based on reported incidents) | Number of Incidents in Report |
|---|---|---|---|---|
| Team 1722 | Website defacement, data breaches, targeting vulnerabilities | Protest against corruption, political and social issues within Kurdish society [1] | Education, Headhunting | 2 |
| elpatron85 | Data leaks | Unknown | Network & Telecommunications | 1 |
| KrimCo | Data leaks | Unknown | Network & Telecommunications | 1 |
| Black Lotus | Exploiting CVE-2022-21894 to bypass Secure Boot, deploying kernel drivers and HTTP downloaders [3] | Persistence, defense evasion, deploying further payloads [6] | Non-profit & Social Organizations | 1 |
| BenjaminFranklin | Selling RDP access | Financial gain | Unidentified U.S. organization | 1 |
| Devil120 | Selling databases | Unknown | Government Administration | 1 |
| Jack_back | Data leaks, data breaches | Unknown | Government Administration, Banking & Mortgage | 2 |
| NKRI EROR SYSTEM | Website defacement [25] | Hacktivism, gaining attention [27] | Manufacturing, Banking & Mortgage | 2 |
| syn1 | Selling credentials | Financial gain | Non-profit & Social Organizations | 1 |
| shellshop | Selling unauthorized access, potentially using web shells [35] | Financial gain | Online retail | 1 |
| bondiana28 | Selling credit card information | Financial gain | Unknown | 1 |
| ChinaBob | Selling stolen data, associated with Salt Typhoon | Espionage, data theft [42] | Unknown | 1 |
| Fordnox | Selling unauthorized WordPress access | Financial gain | Unidentified shops | 2 |
| Jorozuro202 | Selling credit card information | Financial gain | Unknown | 1 |
| GARUDA ERROR SYSTEM | Data breaches | Unknown | Government Administration | 1 |

Recommendations:

To mitigate the risks highlighted in these incidents, organizations should implement several key security measures. Regularly update and patch all software and firmware to address known vulnerabilities. Implement strong password policies and multi-factor authentication to protect against unauthorized access. Employ network segmentation to limit the impact of a breach. Conduct regular security awareness training for employees to recognize and avoid phishing and social engineering attacks. Implement robust data encryption both at rest and in transit to protect sensitive information. Utilize web application firewalls (WAFs) to protect against web-based attacks. Continuously monitor network traffic for suspicious activity and establish incident response plans to effectively manage and recover from security incidents. Organizations should also stay informed about the tactics and motivations of various threat actors to better anticipate and defend against potential attacks. Sharing threat intelligence within industry sectors can also enhance collective defense capabilities. For organizations using WordPress or Magento, it is crucial to keep these platforms and all associated plugins updated to prevent exploitation of known vulnerabilities.

Conclusions:

The cybersecurity incidents reported in the last 24 hours demonstrate the diverse and evolving threat landscape. Threat actors continue to target a wide range of organizations with various attack methods, from data breaches and website defacements to selling initial access and sensitive information. Understanding the motivations and tactics of these actors, as well as implementing proactive security measures, is essential for organizations to protect their assets and maintain operational resilience. Continuous vigilance and adaptation are necessary to stay ahead of sophisticated cyber adversaries.

Works cited

  1. AhnLab TIP, accessed May 18, 2025, https://atip.ahnlab.com/
  2. Darkweb – ASEC, accessed May 18, 2025, https://asec.ahnlab.com/en/category/darkweb-en/
  3. Threat Deep Dive: BlackLotus – Critical Start, accessed May 18, 2025, https://www.criticalstart.com/threat-deep-dive-blacklotus/
  4. Trojan:Win32/BlackLotus threat description – Microsoft Security Intelligence, accessed May 18, 2025, https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Trojan:Win32/BlackLotus&threatId=-2147125304&ocid=magicti_ta_ency
  5. BlackLotus UEFI bootkit: Myth confirmed – WeLiveSecurity, accessed May 18, 2025, https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
  6. Guidance for investigating attacks using CVE-2022-21894: The BlackLotus campaign | Microsoft Security Blog, accessed May 18, 2025, https://www.microsoft.com/en-us/security/blog/2023/04/11/guidance-for-investigating-attacks-using-cve-2022-21894-the-blacklotus-campaign/
  7. Black Lotus Labs | Lumen, accessed May 18, 2025, https://www.lumen.com/en-us/security/black-lotus-labs.html
  8. Taking the Crossroads: The Versa Director Zero-Day Exploitation – Lumen Blog, accessed May 18, 2025, https://blog.centurylink.com/taking-the-crossroads-the-versa-director-zero-day-exploitation
  9. Volt Typhoon exploiting zero-day in campaign targeting ISPs, MSPs | Cybersecurity Dive, accessed May 18, 2025, https://www.cybersecuritydive.com/news/volt-typhoon-zero-day-isps-msps/725492/
  10. Black Lotus Labs uncovers another new malware that targets compromised routers – Lumen, accessed May 18, 2025, https://ir.lumen.com/news/news-details/2023/Black-Lotus-Labs-uncovers-another-new-malware-that-targets-compromised-routers/default.aspx
  11. Efficiency? Security? When the quest for one grants neither. – Cisco Talos Blog, accessed May 18, 2025, https://blog.talosintelligence.com/efficiency-security-when-the-quest-for-one-grants-neither/
  12. What is Ben Franklin’s Cyber Wisdom? – TEKRiSQ, accessed May 18, 2025, https://tekrisq.com/ben-franklin-cyber/
  13. Benjamin Franklin: In Search of a Better World | ALA, accessed May 18, 2025, https://www.ala.org/tools/programming/franklin/29entrepreneurben
  14. Benjamin Franklin and Mike Tyson’s Guide to Cyber Resilience, accessed May 18, 2025, https://www.aherninsurance.com/benjamin-franklin-and-mike-tysons-guide-to-cyber-resilience/
  15. Benjamin Franklin: Writer, inventor, statesman and friend to gays – Washington Blade, accessed May 18, 2025, https://www.washingtonblade.com/2011/10/28/benjamin-franklin-writer-inventor-statesman-and-friend-to-gays/
  16. Famous Inventors: Benjamin Franklin – IPWatchdog.com | Patents & Intellectual Property Law, accessed May 18, 2025, https://ipwatchdog.com/2008/10/25/famous-inventors-benjamin-franklin/id=229/
  17. Living-Off-the-Land Attacks: Why Prevention is the Best Strategy – CyberFOX, accessed May 18, 2025, https://www.cyberfox.com/living-off-the-land-attacks-why-prevention-is-the-best-strategy/
  18. Predictive Intelligence: The Robots Aren’t Coming for Your Jobs – FS-ISAC, accessed May 18, 2025, https://www.fsisac.com/insights/robots-arent-coming-for-your-jobs
  19. I completely misinterpreted the season 3 finale on my first watch – Wonder if anyone else saw the same thing? : r/lost – Reddit, accessed May 18, 2025, https://www.reddit.com/r/lost/comments/px9ctx/i_completely_misinterpreted_the_season_3_finale/
  20. Doctor Who: Revolution of the Daleks [Blu-ray] – Amazon.com, accessed May 18, 2025, https://www.amazon.com/Doctor-Who-Revolution-Daleks-Blu-ray/dp/B08HRXQZD4
  21. Would anyone else be fine with a – “somehow handsome jack returned” for borderlands 4, accessed May 18, 2025, https://www.reddit.com/r/Borderlands/comments/1bytvf7/would_anyone_else_be_fine_with_a_somehow_handsome/
  22. Titanic 2 – Jack’s Back Reboot (2025 Movie Trailer Parody) – YouTube, accessed May 18, 2025, https://www.youtube.com/watch?v=iphqRPaaeP8
  23. Jack in the Box – Wikipedia, accessed May 18, 2025, https://en.wikipedia.org/wiki/Jack_in_the_Box
  24. F I L E D – U.S. Case Law, Court Opinions & Decisions :: Justia, accessed May 18, 2025, https://cases.justia.com/federal/appellate-courts/ca10/05-4120/05-4120-2011-03-14.pdf?ts=1411081022
  25. ‘Unsophisticated’ hackers targeting systems used by oil and gas industry, CISA says, accessed May 18, 2025, https://therecord.media/oil-gas-industries-cisa-warning-unsophisticated-cyberthreats
  26. Threat Actor Profile: Peoples Cyber Army of Russia – Cyble, accessed May 18, 2025, https://cyble.com/threat-actor-profiles/peoples-cyber-army-of-russia/
  27. Website Defacement Attacks | Group-IB Knowledge Hub, accessed May 18, 2025, https://www.group-ib.com/resources/knowledge-hub/website-defacement-attacks/
  28. What is a Website Defacement Attack | Examples & Prevention – Imperva, accessed May 18, 2025, https://www.imperva.com/learn/application-security/website-defacement-attack/
  29. Website Defacement Attack – How To Fix [3-STEP Guide], accessed May 18, 2025, https://secure.wphackedhelp.com/blog/website-defacement/amp/
  30. I legally defaced this website. – YouTube, accessed May 18, 2025, https://www.youtube.com/watch?v=FvpZkEHpF8g
  31. Everything You Should Know About Website Defacement – Namecheap Blog, accessed May 18, 2025, https://www.namecheap.com/blog/website-defacement/
  32. SYN defender – fwaccel synatk – Check Point CheckMates, accessed May 18, 2025, https://community.checkpoint.com/t5/Security-Gateways/SYN-defender-fwaccel-synatk/td-p/218761
  33. Low p-SYN1 (Ser-553) Expression Leads to Abnormal Neurotransmitter Release of GABA Induced by Up-Regulated Cdk5 after Microwave Exposure: Insights on Protection and Treatment of Microwave-Induced Cognitive Dysfunction – MDPI, accessed May 18, 2025, https://www.mdpi.com/1467-3045/44/1/15
  34. A chemogenetic screen for neuroimmune interplay reveals Trpv1+ neuron control of Tregs in gut – PubMed Central, accessed May 18, 2025, https://pmc.ncbi.nlm.nih.gov/articles/PMC11416019/
  35. Hackers deployed web shells, exploited public-facing applications in Q4, accessed May 18, 2025, https://www.cybersecuritydive.com/news/threat-actors-web-shells-exploit/739426/
  36. HC3: Stealthy Godzilla Web Shell Used by Chinese APT Groups in Attack Chain, accessed May 18, 2025, https://www.hipaajournal.com/godzilla-web-shell-warning/
  37. Threat Actors Increasingly Use Web Shells in eSkimming Campaigns – Visa, accessed May 18, 2025, https://usa.visa.com/dam/VCOM/global/support-legal/documents/visa-security-alert-web-shell-eSkimming.pdf
  38. Web Shell Malware: Threats and Mitigations | HHS.gov, accessed May 18, 2025, https://www.hhs.gov/sites/default/files/web-shell-malware-threats-and-mitigations.pdf
  39. Ghost in the shell: Investigating web shell attacks | Microsoft Security Blog, accessed May 18, 2025, https://www.microsoft.com/en-us/security/blog/2020/02/04/ghost-in-the-shell-investigating-web-shell-attacks/
  40. MAR-10297887-1.v2 – Iranian Web Shells | CISA, accessed May 18, 2025, https://www.cisa.gov/news-events/analysis-reports/ar20-259a
  41. Salt Typhoon hackers possibly targeted telecom research at US universities – Nextgov/FCW, accessed May 18, 2025, https://www.nextgov.com/cybersecurity/2025/02/salt-typhoon-hackers-possibly-targeted-telecom-research-us-universities/402969/
  42. Salt Typhoon – Wikipedia, accessed May 18, 2025, https://en.wikipedia.org/wiki/Salt_Typhoon
  43. Breaking Down Salt Typhoon – Armis, accessed May 18, 2025, https://www.armis.com/blog/breaking-down-salt-typhoon/
  44. FBI seeks public tips about Salt Typhoon – Cybersecurity Dive, accessed May 18, 2025, https://www.cybersecuritydive.com/news/fbi-china-salt-typhoon-hack-telecom-tips/746490/
  45. Salt Typhoon hackers exploited stolen credentials and a 7-year-old software flaw in Cisco systems – Nextgov, accessed May 18, 2025, https://www.nextgov.com/cybersecurity/2025/02/salt-typhoon-hackers-exploited-stolen-credentials-and-7-year-old-software-flaw-cisco-systems/403146/
  46. Salt Typhoon telecom breach remarkable for its ‘indiscriminate’ targeting, FBI official says, accessed May 18, 2025, https://cyberscoop.com/salt-typhoon-telecom-breach-remarkable-for-its-indiscriminate-targeting-fbi-official-says/
  47. China’s Salt Typhoon hackers targeting Cisco devices used by telcos, universities, accessed May 18, 2025, https://therecord.media/china-salt-typhoon-cisco-devices
  48. What Is Salt Typhoon? A Security Expert Explains The Chinese Hackers And Their Attack On US Telecommunications Networks – UMBC: University Of Maryland, Baltimore County, accessed May 18, 2025, https://umbc.edu/stories/what-is-salt-typhoon-a-security-expert-explains-the-chinese-hackers-and-their-attack-on-us-telecommunications-networks/
  49. Treasury Sanctions Company Associated with Salt Typhoon and Hacker Associated with Treasury Compromise | U.S. Department of the Treasury, accessed May 18, 2025, https://home.treasury.gov/news/press-releases/jy2792
  50. Grassley to Charter Communications – Salt Typhoon Hack, accessed May 18, 2025, https://www.grassley.senate.gov/download/grassley-to-charter-communications_-salt-typhoon-hack