Salt Typhoon

Also known as: GhostEmperor, FamousSparrow, Earth Estries

Overview

Chinese MSS-linked group behind the largest telecom breach in US history. Compromised 12+ US telecom providers and accessed lawful intercept systems.

MITRE ATT&CK Coverage

Recon
Res Dev
Init Access
Execution
Persistence
Priv Esc
Def Evasion
Cred Access
Discovery
Lat Move
Collection
C2
Exfil
Impact
4 of 14 tactics observed

Raw TTPs

Telecom Infrastructure ExploitationLawful Intercept AbuseRouter ImplantsKernel RootkitsLiving-off-the-Land

Related Intelligence (2)

CRITICALAptExploited

Salt Typhoon Compromises Three Additional US Telecom Providers

CISA and FBI confirm Salt Typhoon has compromised three additional US telecom providers, totaling twelve. Lawful intercept systems accessed.

Cisco IOS XR
CISA / FBI Joint Advisory
CRITICALVulnerabilityExploited

Critical Fortinet FortiManager Flaw Enables Managed Firewall Takeover

CVE-2026-48788 allows registration of rogue FortiGate devices to FortiManager, enabling config push to entire managed firewall estate.

CVE-2026-48788FortiManager 7.4
Fortinet PSIRT / Mandiant