Salt Typhoon and UNC4841: Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data
Our research team discovered a similar Chinese threat actor, UNC4841, known for exploiting a Barracuda vulnerability to gain unauthorized access to networks. UNC4841 shares overlapping technical infrastructure with Salt Typhoon and appears to have similar government and corporate targeting, raising questions about additional connections between these Chinese APT groups.
Thus, we compiled a list of all the low-density IP addresses observed in the DNS A records for any of the 45 domains related to Salt Typhoon, including its subdomains. We then paired them with the time period they were observed.
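As an added example (not Silent Push's or the report's own code) of the pairing described above: from a constructed passive-DNS history, keep only the IPs seen resolving a small number of domains, record the windows in which each was an A record, and flag constructed log lines whose destination matches one of those IPs inside its window. The density threshold, domain names, IPs and log format are all assumptions.

```python
"""Added example (not Silent Push's code): pair low-density resolver IPs with the
windows they were observed in, then check constructed log lines against them."""
from collections import defaultdict
from datetime import datetime, date

# Constructed passive-DNS A-record history: (domain, ip, first_seen, last_seen).
PDNS = [
    ("dns01.example.invalid", "203.0.113.10", "2024-03-01", "2024-05-20"),
    ("vpn.example.invalid",   "203.0.113.10", "2024-06-02", "2024-07-15"),
    ("mail.example.invalid",  "198.51.100.7", "2024-01-10", "2024-02-28"),
    ("cdn.example.invalid",   "192.0.2.44",   "2024-01-01", "2024-12-31"),
]
# Constructed: distinct domains seen on each IP in the wider passive-DNS corpus.
# A shared CDN/hosting IP is high-density and would only produce false positives.
DOMAINS_PER_IP = {"203.0.113.10": 2, "198.51.100.7": 1, "192.0.2.44": 5000}
LOW_DENSITY_MAX = 10  # assumed threshold, not a figure from the report

def low_density_windows(records, density, limit=LOW_DENSITY_MAX):
    """Return {ip: [(first, last), ...]} for IPs at or below the density limit,
    one window per A-record observation, sorted by first_seen."""
    spans = defaultdict(list)
    for _, ip, first, last in records:
        if density.get(ip, 0) <= limit:  # unknown density is treated as low
            spans[ip].append((date.fromisoformat(first), date.fromisoformat(last)))
    return {ip: sorted(ws) for ip, ws in spans.items()}

def match_logs(log_lines, windows):
    """Return the 'timestamp src dst' lines whose dst is a listed IP and whose
    timestamp falls inside one of that IP's observation windows."""
    hits = []
    for line in log_lines:
        ts, _, dst = line.split()
        day = datetime.fromisoformat(ts).date()
        if any(f <= day <= l for f, l in windows.get(dst, [])):
            hits.append(line)
    return hits

# Constructed firewall log lines: "<timestamp> <src> <dst>".
LOGS = [
    "2024-04-12T09:15:00 10.0.0.5 203.0.113.10",  # inside a window -> review
    "2024-08-01T11:00:00 10.0.0.5 203.0.113.10",  # same IP, outside every window
    "2024-02-01T03:30:00 10.0.0.9 192.0.2.44",    # high-density IP, ignored
]

if __name__ == "__main__":
    for hit in match_logs(LOGS, low_density_windows(PDNS, DOMAINS_PER_IP)):
        print("review:", hit)
```

A real run would replace the constructed records with the analyst's passive-DNS export and the organisation's own flow or proxy logs, keeping the window check so that contact with an IP before it was used by the infrastructure is not counted.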
This post is licensed under CC BY 4.0 by the author.