Date: 2024-11-25

The reach of the China-linked Salt Typhoon gang extends beyond telecommunications giants in the United States, and its arsenal includes several backdoors – including a brand-new malware dubbed GhostSpider – according to Trend Micro researchers.

While the crew has made headlines recently for hacking "thousands and thousands" of devices at US telcos, research published on Monday by Trend Micro's threat intel team suggests Salt Typhoon (which Trend tracks as Earth Estries) has also hit more than 20 organizations globally since 2023. These span various sectors – including technology, consulting, chemical and transportation industries, government agencies, and non-profit organizations (NGOs) in the US, the Asia-Pacific region, the Middle East, and South Africa.

Affected countries include Afghanistan, Brazil, Eswatini, India, Indonesia, Malaysia, Pakistan, the Philippines, South Africa, Taiwan, Thailand, the US, and Vietnam.

It's "one of the most aggressive Chinese advanced persistent threat (APT) groups," Trend Micro's Leon Chang, Theo Chen, Lenart Bermejo, and Ted Lee wrote.

"We found that in 2023, the attackers had also targeted consulting firms and NGOs that work with the US federal government and military," the threat intel team observed.

These intrusions not only compromised telcos' database and cloud servers, but also attacked the firms' suppliers – in at least one instance implanting the Demodex rootkit on machines used by a major contractor to a dominant regional telecommunications provider. Trend Micro's analysts think that shows Salt Typhoon wanted to gain access to more targets.