Home / News

Chinese APT Groups Exploit Global Domains in Sweeping Cyber Campaign

By CircleID Reporter
  • September 15, 2025, 10:38 am PDT
  • Views: 9,190
  • Add Comment
Illustration: Mirsad Sarajlic / Getty Images

A years-long cyberespionage campaign by a Chinese state-sponsored group known as Salt Typhoon has revealed a striking escalation in both scale and technical sophistication. Operating since at least 2019, the group leveraged a network of compromised domains and DNS infrastructure to infiltrate telecommunications, transportation, and government systems across more than 80 countries.

Stealth access: Recent cybersecurity reports show that hundreds of newly uncovered domains, many dormant for years, were used to maintain long-term access to sensitive networks. Analysts warn that these domains—often mimicking legitimate business or service platforms—were instrumental in enabling covert surveillance, data theft, and reconnaissance operations. Businesses are now being urged to review historical DNS logs to identify signs of past compromise.

Global condemnation: The breadth of the campaign has alarmed Western intelligence agencies. A joint statement by the US, UK, Canada, Germany, and several allies labelled the attacks “indiscriminate” and “unrestrained.” The attackers exploited known vulnerabilities and intercepted unencrypted communications, even targeting politicians’ mobile devices during election campaigns.

What sets Salt Typhoon apart is its patience. Rather than quick data theft, the group employed persistent access strategies, allowing them to quietly siphon data over time. This marks a shift in Beijing’s approach—from rudimentary intellectual property theft to strategic, infrastructure-level espionage. Data harvested could now be used to track individuals’ movements and communications globally, giving Chinese intelligence a long-term surveillance edge.

The domains linked to Salt Typhoon are now being mapped by threat researchers, who fear that the infrastructure may have supported other Chinese APT operations.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

 Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global

DNS Security

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

New TLDs

Sponsored byRadix

View All Topics