August 28, 2025

Hold on tight! The United States’ top cyber defense agency has sounded the alarm — state-sponsored hackers from China are stirring up a global cyber storm! These sneaky cyber spies are attacking critical networks, including telecoms, governments, transport, hotels, and even military bases by hacking into the main backbone routers and using compromised devices as secret tunnels for long term access. This high-stakes cyber campaign is known by cyber experts as Salt Typhoon, Operator Panda, RedMike, UNC5807, and GhostEmperor, but the authorities simply call them Advanced Persistent Threat (APT) actors. This cyber tempest is not limited to one country. It’s been seen hitting the United States, Australia, Canada, New Zealand, the United Kingdom, and beyond. On August 27, the UK along with 12 international allies bravely named three China-based tech companies — Sichuan Juxinhe Network Technology Co Ltd, Beijing Huanyu Tianqiong Information Technology Co, and Sichuan Zhixin Ruijie Network Technology Co Ltd — as key players behind these attacks. The UK's National Cyber Security Centre (NCSC), part of GCHQ, shared deep technical details revealing how these companies targeted important national organisations worldwide since 2021. The cyber espionage steals crucial data that could let Chinese intelligence spy on communications and movements globally. So, what is this Salt Typhoon? It’s a clever codename for a long-running Chinese state-backed hacking group active since 2021. They attack vital sectors worldwide — government, transport, military, and more — by exploiting unpatched routers and network devices. This helps them sneak in, steal secret info, and quietly watch their targets for years. How do these cyber ninjas work? They exploit virtual private servers and routers not linked to known botnets, often sneaking through service providers’ networks. Using hacked devices, trusted connections, and private links, they jump from one network to another. They can even change routing paths, mirror traffic, or create secret tunnels to keep hidden. These APT hackers camouflage their IP addresses, making their moves look like local users. They focus on breaking into authentication systems like TACACS+ and RADIUS, then quietly collect data packets inside internet service providers’ networks. They scan routers, software, and configuration files to map the network, find treasures, and stay undetected. Worried about your safety? Here’s the spicy recipe to keep hackers at bay: - Keep all systems and routers patched and updated - Monitor your network for strange activity using security tools - Separate critical networks to stop hackers jumping around - Use strong multi-factor authentication - Secure edge devices like routers and switches - Regularly check logs for suspicious signs - Encrypt data with VPNs or tunnels - Check security of third-party vendors - Have a quick incident response plan ready - Share threat info with cybersecurity centres This cyber drama shows the high stakes of today’s digital world. As China’s hackers keep their eyes on global treasures, nations must stay one step ahead to protect their digital frontiers. Stay alert, stay safe, and keep your networks locked tight!

Read More at Economictimes →

Tags: China hackers, Salt typhoon, Cyber attack, Apt groups, Network security, Cyber threat,