45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage
Sep 09, 2025
Cyber Espionage / Telecom Security
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841.

"The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming that the 2024 Salt Typhoon attacks were not the first activity carried out by this group," Silent Push said in a new analysis shared with The Hacker News.

The infrastructure, totaling 45 domains, has also been found to share some level of overlap with another China-associated hacking group tracked as UNC4841, which is best known for its zero-day exploitation of a security flaw in Barracuda Email Security Gateway (ESG) appliances (CVE-2023-2868, CVSS score: 9.8).

Salt Typhoon, active since 2019, drew widespread attention last year for its targeting of telecommunications services providers in the U.S. Believed to be operated by China's Ministry of State Secur...