New Infrastructure Discovery: Salt Typhoon (APT) - December 2025 Analysis
New Infrastructure Discovery: Salt Typhoon (APT) - December 2025 Analysis Recent telemetry and infrastructure tracking have identified a significant set of new network assets linked to the Chinese cyber-espionage actor known as Salt Typhoon (also tracked as FamousSparrow or GhostEmperor). This update provides a breakdown of recently observed domains, their operational timeframes, and the low-density IP addresses utilized for Command and Control (C2) or staging operations. Executive Summary Salt Typhoon continues to demonstrate a high level of operational security, frequently cycling through low-density IP addresses and utilizing domains that mimic legitimate business or technical services. The infrastructure identified in this report spans from late 2021 through mid-2025, suggesting long-term persistence and planning for various campaign phases. Infrastructure Breakdown Below is the detailed list of domains and associated network artifacts. Domain Observation Timeframe Related IP...