Blog
/
Network
/
October 20, 2025

Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion

Salt Typhoon, a China-linked cyber espionage group, has been observed targeting global infrastructure using stealthy techniques such as DLL sideloading and zero-day exploits. Darktrace recently identified early-stage intrusion activity consistent with Salt Typhoon’s tactics, reinforcing the importance of anomaly-based detection over traditional signature-based methods when defending against persistent, state-sponsored threat.
Written by
Nathaniel Jones
VP, Security & AI Strategy, Field CISO
Written by
Sam Lister
Specialist Security Researcher
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Nathaniel Jones
VP, Security & AI Strategy, Field CISO
Written by
Sam Lister
Specialist Security Researcher
salt typhoonDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
20
Oct 2025

What is Salt Typhoon?

Salt Typhoon represents one of the most persistent and sophisticated cyber threats targeting global critical infrastructure today. Believed to be linked to state-sponsored actors from the People’s Republic of China (PRC), this advanced persistent threat (APT) group has executed a series of high-impact campaigns against telecommunications providers, energy networks, and government systems—most notably across the United States.

Active since at least 2019, the group — also tracked as Earth Estries, GhostEmperor, and UNC2286 — has demonstrated advanced capabilities in exploiting edge devices, maintaining deep persistence, and exfiltrating sensitive data across more than 80 countries. While much of the public reporting has focused on U.S. targets, Salt Typhoon’s operations have extended into Europe, the Middle East, and Africa (EMEA) where it has targeted telecoms, government entities, and technology firms. Its use of custom malware and exploitation of high-impact vulnerabilities (e.g., Ivanti, Fortinet, Cisco) underscores the strategic nature of its campaigns, which blend intelligence collection with geopolitical influence [1].

Leveraging zero-day exploits, obfuscation techniques, and lateral movement strategies, Salt Typhoon has demonstrated an alarming ability to evade detection and maintain long-term access to sensitive environments. The group’s operations have exposed lawful intercept systems, compromised metadata for millions of users, and disrupted essential services, prompting coordinated responses from intelligence agencies and private-sector partners worldwide. As organizations reassess their threat models, Salt Typhoon serves as a stark reminder of the evolving nature of nation-state cyber operations and the urgent need for proactive defense strategies.

Darktrace’s coverage

In this case, Darktrace observed activity in a European telecommunications organisation consistent with Salt Typhoon’s known tactics, techniques and procedures (TTPs), including dynamic-link library (DLL) sideloading and abuse of legitimate software for stealth and execution.

Initial access

The intrusion began with exploitation of CVE-2025-5777, a vulnerability affecting Citrix NetScaler Gateway appliances, in the first week of July 2025. From there, the actor pivoted to Citrix Virtual Delivery Agent (VDA) hosts in the client’s Machine Creation Services (MCS) subnet. Initial access activities in the intrusion originated from an endpoint potentially associated with the SoftEther VPN service, suggesting infrastructure obfuscation from the outset.

Tooling

Darktrace subsequently observed the threat actor delivering a backdoor assessed with high confidence to be SNAPPYBEE (also known as Deed RAT) [2][3] to multiple Citrix VDA hosts. The backdoor was delivered to these internal endpoints as a DLL alongside legitimate executable files for antivirus software such as Norton Antivirus, Bkav Antivirus, and IObit Malware Fighter. This pattern of activity indicates that the attacker relied on DLL side-loading via legitimate antivirus software to execute their payloads. Salt Typhoon and similar groups have a history of employing this technique [4][5], enabling them to execute payloads under the guise of trusted software and bypassing traditional security controls.

Command-and-Control (C2)

The backdoor delivered by the threat actor leveraged LightNode VPS endpoints for C2, communicating over both HTTP and an unidentified TCP-based protocol. This dual-channel setup is consistent with Salt Typhoon’s known use of non-standard and layered protocols to evade detection. The HTTP communications displayed by the backdoor included POST requests with an Internet Explorer User-Agent header and Target URI patterns such as “/17ABE7F017ABE7F0”. One of the C2 hosts contacted by compromised endpoints was aar.gandhibludtric[.]com (38.54.63[.]75), a domain recently linked to Salt Typhoon [6].

Detection timeline

Darktrace produced high confidence detections in response to the early stages of the intrusion, with both the initial tooling and C2 activities being strongly covered by both investigations by Darktrace Cyber AI AnalystTM investigations and Darktrace models. Despite the sophistication of the threat actor, the intrusion activity identified and remediated before escalating beyond these early stages of the attack, with Darktrace’s timely high-confidence detections likely playing a key role in neutralizing the threat.

Cyber AI Analyst observations

Darktrace’s Cyber AI Analyst autonomously investigated the model alerts generated by Darktrace during the early stages of the intrusion. Through its investigations, Cyber AI Analyst discovered the initial tooling and C2 events and pieced them together into unified incidents representing the attacker’s progression.

Cyber AI Analyst weaved together separate events from the intrusion into broader incidents summarizing the attacker’s progression.
Figure 1: Cyber AI Analyst weaved together separate events from the intrusion into broader incidents summarizing the attacker’s progression.

Conclusion

Based on overlaps in TTPs, staging patterns, infrastructure, and malware, Darktrace assesses with moderate confidence that the observed activity was consistent with Salt Typhoon/Earth Estries (ALA GhostEmperor/UNC2286). Salt Typhoon continues to challenge defenders with its stealth, persistence, and abuse of legitimate tools. As attackers increasingly blend into normal operations, detecting behavioral anomalies becomes essential for identifying subtle deviations and correlating disparate signals. The evolving nature of Salt Typhoon’s tradecraft, and its ability to repurpose trusted software and infrastructure, ensures it will remain difficult to detect using conventional methods alone. This intrusion highlights the importance of proactive defense, where anomaly-based detections, not just signature matching, play a critical role in surfacing early-stage activity.

Credit to Nathaniel Jones (VP, Security & AI Strategy, FCISO), Sam Lister (Specialist Security Researcher), Emma Foulger (Global Threat Research Operations Lead), Adam Potter (Senior Cyber Analyst)

Edited by Ryan Traill (Analyst Content Lead)

Appendices

Indicators of Compromise (IoCs)

IoC-Type-Description + Confidence

89.31.121[.]101 – IP Address – Possible C2 server

hxxp://89.31.121[.]101:443/WINMM.dll - URI – Likely SNAPPYBEE download

b5367820cd32640a2d5e4c3a3c1ceedbbb715be2 - SHA1 – Likely SNAPPYBEE download

hxxp://89.31.121[.]101:443/NortonLog.txt - URI - Likely DLL side-loading activity

hxxp://89.31.121[.]101:443/123.txt - URI - Possible DLL side-loading activity

hxxp://89.31.121[.]101:443/123.tar - URI - Possible DLL side-loading activity

hxxp://89.31.121[.]101:443/pdc.exe - URI - Possible DLL side-loading activity

hxxp://89.31.121[.]101:443//Dialog.dat - URI - Possible DLL side-loading activity

hxxp://89.31.121[.]101:443/fltLib.dll - URI - Possible DLL side-loading activity

hxxp://89.31.121[.]101:443/DisplayDialog.exe - URI - Possible DLL side-loading activity

hxxp://89.31.121[.]101:443/DgApi.dll - URI - Likely DLL side-loading activity

hxxp://89.31.121[.]101:443/dbindex.dat - URI - Likely DLL side-loading activity

hxxp://89.31.121[.]101:443/1.txt - URI - Possible DLL side-loading activity

hxxp://89.31.121[.]101:443/imfsbDll.dll – Likely DLL side-loading activity

hxxp://89.31.121[.]101:443/imfsbSvc.exe - URI – Likely DLL side-loading activity

aar.gandhibludtric[.]com – Hostname – Likely C2 server

38.54.63[.]75 – IP – Likely C2 server

156.244.28[.]153 – IP – Possible C2 server

hxxp://156.244.28[.]153/17ABE7F017ABE7F0 - URI – Possible C2 activity

MITRE TTPs

Technique | Description

T1190 | Exploit Public-Facing Application - Citrix NetScaler Gateway compromise

T1105 | Ingress Tool Transfer – Delivery of backdoor to internal hosts

T1665 | Hide Infrastructure – Use of SoftEther VPN for C2

T1574.001 | Hijack Execution Flow: DLL – Execution of backdoor through DLL side-loading

T1095 | Non-Application Layer Protocol – Unidentified application-layer protocol for C2 traffic

T1071.001| Web Protocols – HTTP-based C2 traffic

T1571| Non-Standard Port – Port 443 for unencrypted HTTP traffic

Darktrace Model Alerts during intrusion

Anomalous File::Internal::Script from Rare Internal Location

Anomalous File::EXE from Rare External Location

Anomalous File::Multiple EXE from Rare External Locations

Anomalous Connection::Possible Callback URL

Antigena::Network::External Threat::Antigena Suspicious File Block

Antigena::Network::Significant Anomaly::Antigena Significant Server Anomaly Block

Antigena::Network::Significant Anomaly::Antigena Controlled and Model Alert

Antigena::Network::Significant Anomaly::Antigena Alerts Over Time Block

Antigena::Network::External Threat::Antigena File then New Outbound Block  

References

[1] https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a

[2] https://www.trendmicro.com/en_gb/research/24/k/earth-estries.html

[3] https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/k/earth-estries/IOC_list-EarthEstries.txt

[4] https://www.trendmicro.com/en_gb/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html

[5] https://lab52.io/blog/deedrat-backdoor-enhanced-by-chinese-apts-with-advanced-capabilities/

[6] https://www.silentpush.com/blog/salt-typhoon-2025/

The content provided in this blog is published by Darktrace for general informational purposes only and reflects our understanding of cybersecurity topics, trends, incidents, and developments at the time of publication. While we strive to ensure accuracy and relevance, the information is provided “as is” without any representations or warranties, express or implied. Darktrace makes no guarantees regarding the completeness, accuracy, reliability, or timeliness of any information presented and expressly disclaims all warranties.

Nothing in this blog constitutes legal, technical, or professional advice, and readers should consult qualified professionals before acting on any information contained herein. Any references to third-party organizations, technologies, threat actors, or incidents are for informational purposes only and do not imply affiliation, endorsement, or recommendation.

Darktrace, its affiliates, employees, or agents shall not be held liable for any loss, damage, or harm arising from the use of or reliance on the information in this blog.

The cybersecurity landscape evolves rapidly, and blog content may become outdated or superseded. We reserve the right to update, modify, or remove any content.

Written by
Nathaniel Jones
VP, Security & AI Strategy, Field CISO
Written by
Sam Lister
Specialist Security Researcher
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Nathaniel Jones
VP, Security & AI Strategy, Field CISO
Written by
Sam Lister
Specialist Security Researcher

Beyond MFA: Detecting Adversary-in-the-Middle Attacks and Phishing with Darktrace

Email
December 15, 2025
Watch the NIS2 Webinar
Trending blogs
1
Securing Generative AI: Managing Risk in Amazon Bedrock with Darktrace / CLOUD
Nov 19, 2025
2
How Empowering End Users can Improve Your Email Security and Decrease the Burden on the SOC
May 8, 2024
3
Elevating Network Security: Confronting Trust, Ransomware, & Novel Attacks
Jun 21, 2024
4
The State of AI in Cybersecurity: Unveiling Global Insights from 1,800 Security Practitioners
Apr 9, 2024
5
The State of AI in Cybersecurity: The Impact of AI on Cybersecurity Solutions
May 13, 2024

More in this series

No items found.
Continue reading
Network
December 10, 2025

React2Shell: How Opportunist Attackers Exploited CVE-2025-55182 Within Hours

Darktrace observed opportunistic exploitation of the React2Shell vulnerability within minutes of honeypot deployment. Attackers leveraged shell scripts, HTTP beaconing, and cryptomining activity, highlighting rapid adaptation to unpatched flaws.
Nathaniel Bill
Malware Research Engineer
Read more
Network
December 4, 2025

Atomic Stealer: Darktrace’s Investigation of a Growing macOS Threat

Atomic Stealer is rapidly emerging as a significant macOS threat, using infostealing and backdoor capabilities to target Apple users worldwide. Darktrace observed campaigns in 24 countries, detecting activity across multiple kill chain stages and providing recommended actions to contain attacks.
Isabel Evans
Cyber Analyst
Read more
Network
November 26, 2025

CastleLoader & CastleRAT: Behind TAG150’s Modular Malware Delivery System

TAG-150, a MaaS operator active since March 2025, uses CastleLoader and CastleRAT in multi-stage attacks. CastleLoader acts as a loader that retrieves and executes additional malware through deceptive domains and malicious GitHub repositories, while CastleRAT functions as a remote access trojan providing attackers with system control, command execution, and data theft capabilities. Darktrace detected and blocked early attack activity, leveraging Autonomous Response to prevent further compromise and protect enterprise networks.
Read more

Blog

/

/

December 22, 2025

The Year Ahead: AI Cybersecurity Trends to Watch in 2026

2026 cyber threat trendsDefault blog imageDefault blog image

Introduction: 2026 cyber trends

Each year, we ask some of our experts to step back from the day-to-day pace of incidents, vulnerabilities, and headlines to reflect on the forces reshaping the threat landscape. The goal is simple:  to identify and share the trends we believe will matter most in the year ahead, based on the real-world challenges our customers are facing, the technology and issues our R&D teams are exploring, and our observations of how both attackers and defenders are adapting.  

In 2025, we saw generative AI and early agentic systems moving from limited pilots into more widespread adoption across enterprises. Generative AI tools became embedded in SaaS products and enterprise workflows we rely on every day, AI agents gained more access to data and systems, and we saw glimpses of how threat actors can manipulate commercial AI models for attacks. At the same time, expanding cloud and SaaS ecosystems and the increasing use of automation continued to stretch traditional security assumptions.

Looking ahead to 2026, we’re already seeing the security of AI models, agents, and the identities that power them becoming a key point of tension – and opportunity -- for both attackers and defenders. Long-standing challenges and risks such as identity, trust, data integrity, and human decision-making will not disappear, but AI and automation will increase the speed and scale of the cyber risk.  

Here's what a few of our experts believe are the trends that will shape this next phase of cybersecurity, and the realities organizations should prepare for.  

Agentic AI is the next big insider risk

In 2026, organizations may experience their first large-scale security incidents driven by agentic AI behaving in unintended ways—not necessarily due to malicious intent, but because of how easily agents can be influenced. AI agents are designed to be helpful, lack judgment, and operate without understanding context or consequence. This makes them highly efficient—and highly pliable. Unlike human insiders, agentic systems do not need to be socially engineered, coerced, or bribed. They only need to be prompted creatively, misinterpret legitimate prompts, or be vulnerable to indirect prompt injection. Without strong controls around access, scope, and behavior, agents may over-share data, misroute communications, or take actions that introduce real business risk. Securing AI adoption will increasingly depend on treating agents as first-class identities—monitored, constrained, and evaluated based on behavior, not intent.

-- Nicole Carignan, SVP of Security & AI Strategy

Prompt Injection moves from theory to front-page breach

We’ll see the first major story of an indirect prompt injection attack against companies adopting AI either through an accessible chatbot or an agentic system ingesting a hidden prompt. In practice, this may result in unauthorized data exposure or unintended malicious behavior by AI systems, such as over-sharing information, misrouting communications, or acting outside their intended scope. Recent attention on this risk—particularly in the context of AI-powered browsers and additional safety layers being introduced to guide agent behavior—highlights a growing industry awareness of the challenge.  

-- Collin Chapleau, Senior Director of Security & AI Strategy

Humans are even more outpaced, but not broken

When it comes to cyber, people aren’t failing; the system is moving faster than they can. Attackers exploit the gap between human judgment and machine-speed operations. The rise of deepfakes and emotion-driven scams that we’ve seen in the last few years reduce our ability to spot the familiar human cues we’ve been taught to look out for. Fraud now spans social platforms, encrypted chat, and instant payments in minutes. Expecting humans to be the last line of defense is unrealistic.

Defense must assume human fallibility and design accordingly. Automated provenance checks, cryptographic signatures, and dual-channel verification should precede human judgment. Training still matters, but it cannot close the gap alone. In the year ahead, we need to see more of a focus on partnership: systems that absorb risk so humans make decisions in context, not under pressure.

-- Margaret Cunningham, VP of Security & AI Strategy

AI removes the attacker bottleneck—smaller organizations feel the impact

One factor that is currently preventing more companies from breaches is a bottleneck on the attacker side: there’s not enough human hacker capital. The number of human hands on a keyboard is a rate-determining factor in the threat landscape. Further advancements of AI and automation will continue to open that bottleneck. We are already seeing that. The ostrich approach of hoping that one’s own company is too obscure to be noticed by attackers will no longer work as attacker capacity increases.  

-- Max Heinemeyer, Global Field CISO

SaaS platforms become the preferred supply chain target

Attackers have learned a simple lesson: compromising SaaS platforms can have big payouts. As a result, we’ll see more targeting of commercial off-the-shelf SaaS providers, which are often highly trusted and deeply integrated into business environments. Some of these attacks may involve software with unfamiliar brand names, but their downstream impact will be significant. In 2026, expect more breaches where attackers leverage valid credentials, APIs, or misconfigurations to bypass traditional defenses entirely.

-- Nathaniel Jones, VP of Security & AI Strategy

Increased commercialization of generative AI and AI assistants in cyber attacks

One trend we’re watching closely for 2026 is the commercialization of AI-assisted cybercrime. For example, cybercrime prompt playbooks sold on the dark web—essentially copy-and-paste frameworks that show attackers how to misuse or jailbreak AI models. It’s an evolution of what we saw in 2025, where AI lowered the barrier to entry. In 2026, those techniques become productized, scalable, and much easier to reuse.  

-- Toby Lewis, Global Head of Threat Analysis

Conclusion

Taken together, these trends underscore that the core challenges of cybersecurity are not changing dramatically -- identity, trust, data, and human decision-making still sit at the core of most incidents. What is changing quickly is the environment in which these challenges play out. AI and automation are accelerating everything: how quickly attackers can scale, how widely risk is distributed, and how easily unintended behavior can create real impact. And as technology like cloud services and SaaS platforms become even more deeply integrated into businesses, the potential attack surface continues to expand.  

Predictions are not guarantees. But the patterns emerging today suggest that 2026 will be a year where securing AI becomes inseparable from securing the business itself. The organizations that prepare now—by understanding how AI is used, how it behaves, and how it can be misused—will be best positioned to adopt these technologies with confidence in the year ahead.

Learn more about how to secure AI adoption in the enterprise without compromise by registering to join our live launch webinar on February 3, 2026.  

Continue reading
About the author
The Darktrace Community

Blog

/

Email

/

December 22, 2025

Why Organizations are Moving to Label-free, Behavioral DLP for Outbound Email

Man at laptopDefault blog imageDefault blog image

Why outbound email DLP needs reinventing

In 2025, the global average cost of a data breach fell slightly — but remains substantial at USD 4.44 million (IBM Cost of a Data Breach Report 2025). The headline figure hides a painful reality: many of these breaches stem not from sophisticated hacks, but from simple human error: mis-sent emails, accidental forwarding, or replying with the wrong attachment. Because outbound email is a common channel for sensitive data leaving an organization, the risk posed by everyday mistakes is enormous.

In 2025, 53% of data breaches involved customer PII, making it the most commonly compromised asset (IBM Cost of a Data Breach Report 2025). This makes “protection at the moment of send” essential. A single unintended disclosure can trigger compliance violations, regulatory scrutiny, and erosion of customer trust –consequences that are disproportionate to the marginal human errors that cause them.

Traditional DLP has long attempted to mitigate these impacts, but it relies heavily on perfect labelling and rigid pattern-matching. In reality, data loss rarely presents itself as a neat, well-structured pattern waiting to be caught – it looks like everyday communication, just slightly out of context.

How data loss actually happens

Most data loss comes from frustratingly familiar scenarios. A mistyped name in auto-complete sends sensitive data to the wrong “Alex.” A user forwards a document to a personal Gmail account “just this once.” Someone shares an attachment with a new or unknown correspondent without realizing how sensitive it is.

Traditional, content-centric DLP rarely catches these moments. Labels are missing or wrong. Regexes break the moment the data shifts formats. And static rules can’t interpret the context that actually matters – the sender-recipient relationship, the communication history, or whether this behavior is typical for the user.

It’s the everyday mistakes that hurt the most. The classic example: the Friday 5:58 p.m. mis-send, when auto-complete selects Martin, a former contractor, instead of Marta in Finance.

What traditional DLP approaches offer (and where gaps remain)

Most email DLP today follows two patterns, each useful but incomplete.

  • Policy- and label-centric DLP works when labels are correct — but content is often unlabeled or mislabeled, and maintaining classification adds friction. Gaps appear exactly where users move fastest
  • Rule and signature-based approaches catch known patterns but miss nuance: human error, new workflows, and “unknown unknowns” that don’t match a rule

The takeaway: Protection must combine content + behavior + explainability at send time, without depending on perfect labels.

Your technology primer: The three pillars that make outbound DLP effective

1) Label-free (vs. data classification)

Protects all content, not just what’s labeled. Label-free analysis removes classification overhead and closes gaps from missing or incorrect tags. By evaluating content and context at send time, it also catches misdelivery and other payload-free errors.

  • No labeling burden; no regex/rule maintenance
  • Works when tags are missing, wrong, or stale
  • Detects misdirected sends even when labels look right

2) Behavioral (vs. rules, signatures, threat intelligence)

Understands user behavior, not just static patterns. Behavioral analysis learns what’s normal for each person, surfacing human error and subtle exfiltration that rules can’t. It also incorporates account signals and inbound intel, extending across email and Teams.

  • Flags risk without predefined rules or IOCs
  • Catches misdelivery, unusual contacts, personal forwards, odd timing/volume
  • Blends identity and inbound context across channels

3) Proprietary DSLM (vs. generic LLM)

Optimized for precise, fast, explainable on-send decisions. A DSLM understands email/DLP semantics, avoids generative risks, and stays auditable and privacy-controlled, delivering intelligence reliably without slowing mail flow.

  • Low-latency, on-send enforcement
  • Non-generative for predictable, explainable outcomes
  • Governed model with strong privacy and auditability

The Darktrace approach to DLP

Darktrace / EMAIL – DLP stops misdelivery and sensitive data loss at send time using hold/notify/justify/release actions. It blends behavioral insight with content understanding across 35+ PII categories, protecting both labeled and unlabeled data. Every action is paired with clear explainability: AI narratives show exactly why an email was flagged, supporting analysts and helping end-users learn. Deployment aligns cleanly with existing SOC workflows through mail-flow connectors and optional Microsoft Purview label ingestion, without forcing duplicate policy-building.

Deployment is simple: Microsoft 365 routes outbound mail to Darktrace for real-time, inline decisions without regex or rule-heavy setup.

A buyer’s checklist for DLP solutions

When choosing your DLP solution, you want to be sure that it can deliver precise, explainable protection at the moment it matters – on send – without operational drag.  

To finish, we’ve compiled a handy list of questions you can ask before choosing an outbound DLP solution:

  • Can it operate label free when tags are missing or wrong? 
  • Does it truly learn per user behavior (no shortcuts)? 
  • Is there a domain specific model behind the content understanding (not a generic LLM)? 
  • Does it explain decisions to both analysts and end users? 
  • Will it integrate with your label program and SOC workflows rather than duplicate them? 

For a deep dive into Darktrace’s DLP solution, check out the full solution brief.

[related-resource]

Continue reading
About the author
Carlos Gray
Senior Product Marketing Manager, Email
Your data. Our AI.
Elevate your network security with Darktrace AI