Salt Typhoon: Prepare for China’s Most Dangerous State-Sponsored APT Group

Salt Typhoon is believed to operate under the direction of China’s Ministry of State Security (MSS). The group has compromised telecommunications, military, and government networks across the U.S., Asia-Pacific, Europe, the Middle East, and Africa, enabling intelligence gathering – and positioning for disruption on an unprecedented scale.

Get proprietary, meticulously documented research and recommendations:

• Origin & affiliations: Attribution to MSS-linked entities and contractor teams
• Targets & motivations: How geopolitical priorities shaped the group’s victim profile
• Tactics, techniques & procedures: Full lifecycle mapped to the MITRE ATT&CK® framework
• Malware arsenal: Deep technical dives into custom rootkits, backdoors, and “living off the land” tooling
• Operational stealth: Use of HTTPS C2, anti-forensics, and lateral movement via native tools
• Defense recommendations: Actionable guidance for telcos, governments, and enterprises

Download the full report to learn more.

Note that these reports are considered confidential and may not be disclosed to a third party without Rapid7’s prior written consent.