95
Sophistication
2021
First Seen
89
Notoriety
98
Stealth
97
Immersive Rating
94
Impact
83
Tactics Variety
Ice creature holding large salt shakers pouring water-like salt in a snowy mountainous landscape.

Salt Typhoon

Chinese state-linked actor (also tracked as Earth Estries, GhostEmperor, FamousSparrow) specializing in telecommunications and critical infrastructure espionage. Responsible for the 2024 compromise of major US telecom providers, including access to lawful intercept systems used by law enforcement.

Key behaviours to watch:

  • Exploitation of edge devices (Cisco routers, Ivanti VPN, Fortinet) for initial access to carrier networks.
  • Long-term persistence using GRE/IPsec tunnels, modified SSH keys, and living-off-the-land techniques on network infrastructure.
  • Targeting of CALEA wiretap systems, call metadata, and communications of government officials.

‍

Dark Caracal intelligence card with cat in hat and trench coat holding a USB, describing a Lebanese APT group.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Dark Caracal
68
2020
54
57
65
71
52
DarkSide ransomware group with horned black-armored figures under red swirling sky, known for 2021 Colonial Pipeline attack.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
DarkSide
92
2007
90
86
88
87
84
Digital card titled Dark Storm showing a figure under a glowing purple storm cloud with blue lightning.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Dark Storm
80
2020
75
76
78
85
70
Stylized bear in a suit, top hat, and monocle holding a cane and glass, labeled Fancy Bear cyber unit.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Fancy Bear
71
2017
63
64
68
65
65
FIN7 character with spider head in suit extending hand, stats on right, and intel about cybercrime group below.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
FIN7
85
2021
81
75
89
91
80
Fox Kitten intel card shows a hooded feline figure with cyber elements, plus stats and APT description.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Fox Kitten
53
2022
47
49
59
61
61
Hafnium: Chinese group behind 2021 Microsoft Exchange exploits allowing stealthy mass email access.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
HAFNIUM
70
2022
69
62
73
76
60
Card for Indian Cyber Force showing a hooded figure, group stats, and description of nationalist hacktivist actions.Brand logo with blue shapes and the word immersive above the text Learn More on black background.
Indian Cyber Force
80
2013
73
72
72
85
75