CyberSecurityBoard
Sponsor Register Login

Salt Typhoon Exploits Citrix Flaw in Cyber Espionage Campaign

A new cyber espionage campaign named Salt Typhoon has been uncovered exploiting a critical Citrix vulnerability to infiltrate targeted networks. This campaign leverages the CVE-2023-4965 vulnerability in Citrix ADC and Citrix Gateway products, allowing attackers to execute arbitrary code remotely. Salt Typhoon is attributed to a sophisticated threat actor group with ties to state-sponsored activities, focusing on intelligence gathering and data exfiltration. The campaign demonstrates advanced tactics including the use of custom malware and stealthy lateral movement within compromised environments. Organizations using Citrix products are urged to apply security patches immediately and enhance monitoring for unusual activities. This incident underscores the persistent threat posed by nation-state actors exploiting zero-day vulnerabilities to conduct espionage and disrupt critical infrastructure. Cybersecurity teams should prioritize vulnerability management and incident response readiness to mitigate such advanced persistent threats. The Salt Typhoon campaign highlights the evolving landscape of cyber threats targeting enterprise networks and the importance of proactive defense measures.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 20 Oct 2025 12:20:08 +0000


Cyber News related to Salt Typhoon Exploits Citrix Flaw in Cyber Espionage Campaign

CVE-2007-2850 - The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a ...
8 years ago
CISA: Volt Typhoon had access to some U.S. targets for 5 years - U.S. government agencies issued another warning about the significant threat posed by a Chinese nation-state threat group to critical infrastructures, revealing attackers might have been lurking in victims' IT environments for several years. Last ...
1 year ago Techtarget.com CVE-2023-27997 Volt Typhoon
The FBI's Brett Leatherman gives the latest ‘Typhoon’ forecast | The Record from Recorded Future News - We're fully engaged with the victims still, in order to ensure that there's containment, that there remains containment in the environment, and that, as the victims continue to do their work with CISA, their third-party remediation ...
6 months ago Therecord.media Volt Typhoon
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
1 year ago Darkreading.com Volt Typhoon
Chinese hackers use custom malware to spy on US telecom networks - A primary component of the Salt Typhoon attacks was monitoring network activity and stealing data using packet-capturing tools like Tcpdump, Tpacap, Embedded Packet Capture, and a custom tool called JumbledPath. JumbledPath allowed Salt Typhoon ...
9 months ago Bleepingcomputer.com
Salt Typhoon Exploits Citrix Flaw in Cyber Espionage Campaign - A new cyber espionage campaign named Salt Typhoon has been uncovered exploiting a critical Citrix vulnerability to infiltrate targeted networks. This campaign leverages the CVE-2023-4965 vulnerability in Citrix ADC and Citrix Gateway products, ...
1 month ago Infosecurity-magazine.com CVE-2023-4965 Salt Typhoon
FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches - In January, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Sichuan Juxinhe Network Technology, a Chinese cybersecurity firm believed to be directly involved in the Salt Typhoon telecom ...
7 months ago Bleepingcomputer.com
Chinese hackers breached National Guard to steal network configurations - The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to ...
4 months ago Bleepingcomputer.com
Salt Typhoon Exploits Cisco, Ivanti, Palo Alto, and F5 Vulnerabilities to Target Organizations Globally - Salt Typhoon, a sophisticated cyber espionage group, has been actively exploiting critical vulnerabilities in widely used enterprise software from Cisco, Ivanti, Palo Alto Networks, and F5 Networks. These exploits allow the threat actors to gain ...
3 months ago Thehackernews.com CVE-2025-12345 CVE-2024-56789 CVE-2024-98765 Salt Typhoon
US Health Dept urges hospitals to patch critical Citrix Bleed bug - The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. Ransomware gangs are already using Citrix Bleed to breach their targets' networks ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit
Salt Typhoon Hackers Exploited 1000+ Cisco Devices to Gain Admin Access  - The campaign highlights the ongoing vulnerability of critical infrastructure and the strategic intelligence threats posed by state-backed cyber actors. Salt Typhoon’s exploitation of Cisco devices exemplifies the growing trend of targeting ...
9 months ago Cybersecuritynews.com
Allied spy agencies blame Chinese companies for Salt Typhoon cyber espionage campaign - Allied intelligence agencies have attributed the Salt Typhoon cyber espionage campaign to Chinese companies, highlighting a significant threat in the cybersecurity landscape. Salt Typhoon is a sophisticated cyber operation targeting various sectors ...
3 months ago Therecord.media Salt Typhoon
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed - The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability to breach the systems of large organizations, steal data, and encrypt files. Although Citrix made fixes available for CVE-2023-4966 more than a month ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit
Salt Security Delivers API Posture Governance Engine - PRESS RELEASE. PALO ALTO, Calif., Jan. 17, 2024 /PRNewswire/ - Salt Security, the leading API security company, today announced multiple advancements in discovery, posture management and AI-based threat protection to the industry leading Salt ...
1 year ago Darkreading.com
Chinese Tech Firms Hit by Salt Typhoon Cyber Espionage Campaign - A recent cyber espionage campaign named Salt Typhoon has been targeting Chinese technology firms, raising concerns about the increasing sophistication of state-sponsored cyber attacks. This campaign focuses on infiltrating high-profile tech companies ...
3 months ago Infosecurity-magazine.com Salt Typhoon
Citrix warns admins to kill NetScaler user sessions to block hackers - Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks. Besides applying the necessary ...
1 year ago Bleepingcomputer.com CVE-2023-4966 LockBit
Silk Typhoon hackers now target IT supply chains to breach networks - Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. Microsoft reports that ...
8 months ago Bleepingcomputer.com CVE-2024-3400
Chinese hackers breach more US telecoms via unpatched Cisco routers - Iniskt Group advises network admins operating Internet-exposed Cisco IOS XE network devices to apply available security patches as soon as possible and avoid exposing administration interfaces or non-essential services directly to the Internet. These ...
9 months ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273
China-linked Salt Typhoon targets Dutch telcos with espionage campaign - A recent cyber espionage campaign attributed to the China-linked threat group Salt Typhoon has been targeting Dutch telecommunications companies. This campaign involves sophisticated tactics aimed at infiltrating and extracting sensitive information ...
3 months ago Infosecurity-magazine.com Salt Typhoon
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Chinese state-sponsored hackers are targeting old vulnerabilities in Cisco routers in new attacks apparently aimed at government entities in the US, UK, and Australia, cybersecurity firm SecurityScorecard reports. As part of the observed attacks, the ...
1 year ago Securityweek.com CVE-2019-1653 CVE-2019-1652 Volt Typhoon
Citrix Bleed exploit lets hackers hijack NetScaler accounts - A proof-of-concept exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. ...
1 year ago Bleepingcomputer.com CVE-2023-4966
Citrix Bleed 2 exploited weeks before PoCs as Citrix denied attacks - Security researcher Kevin Beaumont has previously stated that repeated POST requests to /doAuthentication.do in NetScaler logs is a good indication that someone is attempting to exploit the flaw, especially when the request includes a Content-Length: ...
4 months ago Bleepingcomputer.com CVE-2025-5777
Solaris SE partners with Salt Security - Salt Security, the leading API security company, today announced that Solaris SE, Europe's leading embedded finance platform, has deployed Salt Security's API Security Platform to secure the company's expanding API ecosystem. Solaris' technology ...
1 year ago Itsecurityguru.org
HHS warns of 'Citrix Bleed' attacks after hospital outages - The U.S. Department of Health and Human Services is warning hospitals and healthcare facilities across the country to patch a vulnerability known as "Citrix Bleed" that is being used in attacks by ransomware gangs. For weeks, cybersecurity experts ...
1 year ago Therecord.media CVE-2023-4966 LockBit
100+ Malicious IPs Actively Exploiting Vulnerabilities in Cisco Devices - The Cybersecurity and Infrastructure Security Agency (CISA) has released guidance for addressing the Cisco IOS XE Web UI vulnerabilities, noting that CVE-2023-20198 is a privilege escalation vulnerability in the web UI feature of Cisco’s IOS XE ...
9 months ago Cybersecuritynews.com CVE-2023-20198 CVE-2018-0171

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)