{
	"id": "4dd65077-0496-4bb2-9713-08e21188a45f",
	"created_at": "2026-04-06T00:10:15.596929Z",
	"updated_at": "2026-04-10T03:34:28.311394Z",
	"deleted_at": null,
	"sha1_hash": "b6eff74a6b65bfb5f26a3a49c35c7345e63533a1",
	"title": "Telecom giant Viasat breached by China's Salt Typhoon hackers",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1238457,
	"plain_text": "Telecom giant Viasat breached by China's Salt Typhoon hackers\r\nBy Sergiu Gatlan\r\nPublished: 2025-06-19 · Archived: 2026-04-05 15:33:32 UTC\r\nSatellite communications company Viasat is the latest victim of China's Salt Typhoon cyber-espionage group, which has\r\npreviously hacked into the networks of multiple other telecom providers in the United States and worldwide.\r\nViasat provides satellite broadband services to governments worldwide and aviation, military, energy, maritime, and\r\nenterprise customers. Last month, the telecom giant told shareholders that it had approximately 189,000 broadband\r\nsubscribers in the United States.\r\nThe company discovered the Salt Typhoon breach earlier this year and has been working with federal authorities to\r\ninvestigate the attack, as Bloomberg first reported.\r\nhttps://www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"Viasat and its independent third-party cybersecurity partner investigated a report of unauthorized access through a\r\ncompromised device. Upon completing a thorough investigation, no evidence was found to suggest any impact to\r\ncustomers,\" Viasat told BleepingComputer.\r\n\"Viasat engaged with government partners as part of its investigation. Due to the sensitive nature of information sharing\r\nwith government partners, we are unable to provide further details. Viasat believes that the incident has been remediated and\r\nhas not detected any recent activity related to this event.\"\r\nBleepingComputer first contacted Viasat in February with questions regarding a potential breach, but received no reply at\r\nthe time.\r\nRussian hackers also breached Viasat's KA-SAT consumer-oriented satellite broadband service in February 2022, wiping\r\nsatellite modems using AcidRain data wiper malware roughly one hour before Russia invaded Ukraine.\r\nThe 2022 cyberattack impacted tens of thousands of broadband customers in Ukraine and Europe, including modems\r\ncontrolling roughly 5,800 wind turbines in Germany.\r\nSalt Typhoon telecom breaches\r\nAs the FBI and CISA confirmed in October, the Chinese Salt Typhoon state hackers had breached multiple telecom\r\nproviders (including AT\u0026T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream)\r\nand other telecom companies in dozens of countries.\r\nWhile inside U.S. telecom networks, the attackers also accessed the U.S. law enforcement's wiretapping platform and gained\r\naccess to the \"private communications\" of a \"limited number\" of U.S. government officials.\r\nEarlier this month, NSA and CISA officials also tagged Comcast and Digital Realty as potentially compromised in Salt\r\nTyphoon's telecom attacks.\r\nSalt Typhoon has been breaching government organizations and telecom companies since at least 2019 and kept actively\r\ntargeting telecoms between December 2024 and January 2025, breaching more telecommunications providers worldwide via\r\nunpatched Cisco IOS XE network devices.\r\nhttps://www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/\r\nhttps://www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers/"
	],
	"report_names": [
		"telecom-giant-viasat-breached-by-chinas-salt-typhoon-hackers"
	],
	"threat_actors": [
		{
			"id": "f0eca237-f191-448f-87d1-5d6b3651cbff",
			"created_at": "2024-02-06T02:00:04.140087Z",
			"updated_at": "2026-04-10T02:00:03.577326Z",
			"deleted_at": null,
			"main_name": "GhostEmperor",
			"aliases": [
				"OPERATOR PANDA",
				"FamousSparrow",
				"UNC2286",
				"Salt Typhoon",
				"RedMike"
			],
			"source_name": "MISPGALAXY:GhostEmperor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d390d62a-6e11-46e5-a16f-a88898a8e6ff",
			"created_at": "2024-12-28T02:01:54.899899Z",
			"updated_at": "2026-04-10T02:00:04.880446Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Earth Estries",
				"FamousSparrow",
				"GhostEmperor",
				"Operator Panda",
				"RedMike",
				"Salt Typhoon",
				"UNC2286"
			],
			"source_name": "ETDA:Salt Typhoon",
			"tools": [
				"Agentemis",
				"Backdr-NQ",
				"Cobalt Strike",
				"CobaltStrike",
				"Crowdoor",
				"Cryptmerlin",
				"Deed RAT",
				"Demodex",
				"FamousSparrow",
				"FuxosDoor",
				"GHOSTSPIDER",
				"HemiGate",
				"MASOL RAT",
				"Mimikatz",
				"NBTscan",
				"NinjaCopy",
				"ProcDump",
				"PsExec",
				"PsList",
				"SnappyBee",
				"SparrowDoor",
				"TrillClient",
				"WinRAR",
				"Zingdoor",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "fcff864b-9255-49cf-9d9b-2b9cb2ad7cff",
			"created_at": "2025-04-23T02:00:55.190165Z",
			"updated_at": "2026-04-10T02:00:05.361244Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Salt Typhoon"
			],
			"source_name": "MITRE:Salt Typhoon",
			"tools": [
				"JumbledPath"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6477a057-a76b-4b60-9135-b21ee075ca40",
			"created_at": "2025-11-01T02:04:53.060656Z",
			"updated_at": "2026-04-10T02:00:03.845594Z",
			"deleted_at": null,
			"main_name": "BRONZE TIGER",
			"aliases": [
				"Earth Estries ",
				"Famous Sparrow ",
				"Ghost Emperor ",
				"RedMike ",
				"Salt Typhoon "
			],
			"source_name": "Secureworks:BRONZE TIGER",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434215,
	"ts_updated_at": 1775792068,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b6eff74a6b65bfb5f26a3a49c35c7345e63533a1.pdf",
		"text": "https://archive.orkl.eu/b6eff74a6b65bfb5f26a3a49c35c7345e63533a1.txt",
		"img": "https://archive.orkl.eu/b6eff74a6b65bfb5f26a3a49c35c7345e63533a1.jpg"
	}
}