{
	"id": "77adf9af-097b-45aa-9511-f1b6e1960142",
	"created_at": "2026-04-06T00:13:07.948218Z",
	"updated_at": "2026-04-10T13:12:28.001183Z",
	"deleted_at": null,
	"sha1_hash": "73b8bcb70e9c854800ce81c1e5ae332d6707321d",
	"title": "Cyber incident board’s Salt Typhoon review to begin within days, CISA leader says",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 940758,
	"plain_text": "Cyber incident board’s Salt Typhoon review to begin within days,\r\nCISA leader says\r\nBy Martin Matishak\r\nPublished: 2024-12-04 · Archived: 2026-04-05 14:09:50 UTC\r\nAn independent review board will launch its investigation of an unprecedented Chinese hack of global\r\ntelecommunications systems later this week, the head of the Cybersecurity and Infrastructure Security Agency\r\nsaid on Wednesday.\r\nSpeaking to reporters after a classified briefing for all senators on Wednesday about the breach by the state-sponsored group known as Salt Typhoon, CISA Director Jen Easterly said the first meeting of the Cyber Safety\r\nReview Board (CSRB) focused on the ongoing breach will take place on Friday.\r\n“We wanted to make sure that we had a good understanding of what was happening, in terms of the scope and\r\nscale, and, quite frankly, most of the agencies who would be involved in the Cyber Safety Review Board are still\r\ninvolved in the incident response,” she said after the closed-door meeting.\r\n“We wanted to make sure we did it before the holidays, so we could start writing out how we think about the\r\nproblem, and then ultimately, what are the key recommendations that we need to bring forward to enable us to\r\nstrengthen the security of the telecommunications networks going forward,” she added.\r\nHer remarks came the day after officials from CISA and the FBI acknowledged the China-linked spies are still\r\ninside U.S. telecom networks roughly six months after the government began investigating the breach. Officials\r\nsaid Wednesday that as many as eight companies had been breached.\r\nPresident Joe Biden established the public-private panel, loosely modeled after the National Transportation Safety\r\nBoard, as part of a sweeping 2021 cybersecurity executive order. It has conducted a handful of investigations but\r\nwas thrust into the spotlight earlier this year when it issued a scathing review of Microsoft’s cloud security\r\npractices.\r\nThe White House in October established a “unified coordination group” to deal with the Salt Typhoon hack. That,\r\nin turn, started the separate, mandatory CSRB probe but it’s been unclear when it would formally begin.\r\nEasterly said officials “want to make sure we've got a pretty good set of recommendations that can be applied\r\nbroadly to the telcos, but also other infrastructure that may be using similar [network edge] devices that the actors\r\nare taking advantage of to be able to jump into our critical infrastructure.”\r\nShe predicted any recommendations likely wouldn’t come out until next spring or summer and wouldn’t be\r\ndisrupted by the transition to the Trump administration.\r\n“I'm very confident that we will be able to approach it in a deliberate way, but also with the urgency that this\r\nparticular campaign merits.”\r\nhttps://therecord.media/salt-typhoon-csrb-review\r\nPage 1 of 3\n\nEasterly declined to offer any details about what was discussed behind closed doors but indicated the session was\r\nuseful.\r\n“I thought it was a very good session, very good questions, but obviously the seriousness of this merits the work\r\nthat we all are doing across the government,\" she said.\r\nIn addition to Easterly and other CISA officials, lawmakers were briefed by Director of National Intelligence Avril\r\nHaines, U.S. Cyber Command and National Security Agency chief Timothy Haugh, Federal Communications\r\nCommission Chairwoman Jessica Rosenworcel and representatives from the FBI.\r\nMartin Matishak\r\nis the senior cybersecurity reporter for The Record. Prior to joining Recorded Future News in 2021, he spent more\r\nthan five years at Politico, where he covered digital and national security developments across Capitol Hill, the\r\nPentagon and the U.S. intelligence community. He previously was a reporter at The Hill, National Journal Group\r\nand Inside Washington Publishers.\r\nhttps://therecord.media/salt-typhoon-csrb-review\r\nPage 2 of 3\n\nSource: https://therecord.media/salt-typhoon-csrb-review\r\nhttps://therecord.media/salt-typhoon-csrb-review\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/salt-typhoon-csrb-review"
	],
	"report_names": [
		"salt-typhoon-csrb-review"
	],
	"threat_actors": [
		{
			"id": "f0eca237-f191-448f-87d1-5d6b3651cbff",
			"created_at": "2024-02-06T02:00:04.140087Z",
			"updated_at": "2026-04-10T02:00:03.577326Z",
			"deleted_at": null,
			"main_name": "GhostEmperor",
			"aliases": [
				"OPERATOR PANDA",
				"FamousSparrow",
				"UNC2286",
				"Salt Typhoon",
				"RedMike"
			],
			"source_name": "MISPGALAXY:GhostEmperor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d390d62a-6e11-46e5-a16f-a88898a8e6ff",
			"created_at": "2024-12-28T02:01:54.899899Z",
			"updated_at": "2026-04-10T02:00:04.880446Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Earth Estries",
				"FamousSparrow",
				"GhostEmperor",
				"Operator Panda",
				"RedMike",
				"Salt Typhoon",
				"UNC2286"
			],
			"source_name": "ETDA:Salt Typhoon",
			"tools": [
				"Agentemis",
				"Backdr-NQ",
				"Cobalt Strike",
				"CobaltStrike",
				"Crowdoor",
				"Cryptmerlin",
				"Deed RAT",
				"Demodex",
				"FamousSparrow",
				"FuxosDoor",
				"GHOSTSPIDER",
				"HemiGate",
				"MASOL RAT",
				"Mimikatz",
				"NBTscan",
				"NinjaCopy",
				"ProcDump",
				"PsExec",
				"PsList",
				"SnappyBee",
				"SparrowDoor",
				"TrillClient",
				"WinRAR",
				"Zingdoor",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "fcff864b-9255-49cf-9d9b-2b9cb2ad7cff",
			"created_at": "2025-04-23T02:00:55.190165Z",
			"updated_at": "2026-04-10T02:00:05.361244Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Salt Typhoon"
			],
			"source_name": "MITRE:Salt Typhoon",
			"tools": [
				"JumbledPath"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6477a057-a76b-4b60-9135-b21ee075ca40",
			"created_at": "2025-11-01T02:04:53.060656Z",
			"updated_at": "2026-04-10T02:00:03.845594Z",
			"deleted_at": null,
			"main_name": "BRONZE TIGER",
			"aliases": [
				"Earth Estries ",
				"Famous Sparrow ",
				"Ghost Emperor ",
				"RedMike ",
				"Salt Typhoon "
			],
			"source_name": "Secureworks:BRONZE TIGER",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434387,
	"ts_updated_at": 1775826748,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/73b8bcb70e9c854800ce81c1e5ae332d6707321d.pdf",
		"text": "https://archive.orkl.eu/73b8bcb70e9c854800ce81c1e5ae332d6707321d.txt",
		"img": "https://archive.orkl.eu/73b8bcb70e9c854800ce81c1e5ae332d6707321d.jpg"
	}
}