Threat Objects & Tags
New object & Technique Relationships for China-backed espionage group Salt Typhoon, which gained recent attention for reports of its targeting of U.S. telecom companies.
Few technical details were reported about the group’s recent attacks, but we published two Campaigns for groups thought to overlap with Salt Typhoon: GhostEmperor & FamousSparrow. Interested users should use these objects in Threat Profiles (Groups do not inherit Campaigns' Techniques in Threat Profiles).
Custom weightings could be applied based on the recency of each Campaign (our approach) and/or users' confidence in the overlap between threat clusters reported by different vendors:
Surface additional Techniques related to other, similar groups by visiting the Groups List page (“Groups” in the lefthand nav menu) and filtering on metadata like Attribution Country == China, Motivation == Cyber Espionage, and Observed Sectors == Telecommunications. Use Groups' References tabs to evaluate groups likely active more or less recently (each of the Groups published by Tidal (Source == Tidal Cyber) were added in 2024, and others like Volt Typhoon, Aquatic Panda, & APT41 have been updated within the past year.
Threat Profiles: Monthly updates to Tidal’s curated “Major & Emerging Ransomware & Extortion Threats” and “Tidal Trending Techniques” Threat Profiles
A large relative increase in reporting volumes generally last month means that many commonly observed Techniques (e.g. Exploit Public-Facing Web App, PowerShell, Data Encrypted for Impact) appear in this month’s Trending Techniques update - a great opportunity to double-check coverage against even mainstay attacker behaviors!