Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques | CyberScoop<\/title> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques\"> <meta property=\"og:description\" content=\"AT&T\u2019s chief information security officer said attackers are going where traditional defenses are less commonly employed.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-09-22T20:54:41+00:00\"> <meta property=\"article:modified_time\" content=\"2025-09-22T20:54:43+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1080\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1754500264g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1757443701g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1753281318g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/86077\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.8.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=86077\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftelecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ftelecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-86077 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.831481481481\">\n<div class=\"single-article__header-content\" readability=\"30.737903225806\">\n<p> AT&T\u2019s chief information security officer said attackers are going where traditional defenses are less commonly employed. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"360\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques.jpg?resize=640%2C360&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-2.jpg?resize=300,168 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-2.jpg?resize=768,432 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-2.jpg?resize=1024,576 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-2.jpg?resize=1536,864 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-2.jpg?resize=600,337 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-2.jpg?resize=1200,675 1200w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-2.jpg?resize=1500,843 1500w\" sizes=\"(max-width: 1200px) 100vw, 1200px\"><figcaption> piranka, Getty Images <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"45.200537885875\"><body readability=\"93.329022245215\"><\/p>\n<p>Hackers are increasingly adopting the techniques of the Chinese group that successfully infiltrated major telecommunications providers in attacks that made headlines last year by looking for unconventional weak spots, an AT&T executive said Monday.<\/p>\n<p>AT&T was one of the major providers to fall victim to the sweeping campaign from the group, known as <a href=\"https:\/\/cyberscoop.com\/tag\/salt-typhoon\/\">Salt Typhoon<\/a>, but the company has since said it evicted the hackers from its networks.<\/p>\n<p>\u201cWe\u2019re seeing adversaries really change the way they\u2019re doing things, very similar to what Salt Typhoon did,\u201d Rich Baich, chief information security officer at AT&T, said at the Google Cloud Cyber Defense Summit.<\/p>\n<p>There were three things that stood out about the way Salt Typhoon approached its campaign, he said. One was hunting for weak points in the company\u2019s ability to find and track malicious activity on physical devices like phones or laptops, known as <a href=\"https:\/\/cyberscoop.com\/tag\/endpoint-security\/\">endpoint detection and response<\/a> (EDR).<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cTraditionally as practitioners, we focused on putting endpoint detection on our devices to help us provide a certain level of protection\u201d Baich said. \u201cSalt Typhoon\u2019s approach was a little bit different. They said, \u2018Well, what about all the other platforms that traditionally don\u2019t have an EDR?\u2019 And those platforms then can be utilized in many fashions, carrying out different types of actions.\u201d<\/p>\n<p>\u201cWhat we need to think about is this: Do we need to have endpoint protection elsewhere, in different platforms?\u201d Baich added. \u201dSo that\u2019s one: They\u2019re going to the areas of least resistance and not spending time trying to combat traditional security controls.\u201d<\/p>\n<p>Another technique that\u2019s growing in use since the Salt Typhoon attacks is \u201clooking for things where we don\u2019t have logs,\u201d he said. Baich said attackers are \u201cre-engineering and thinking of tradecraft techniques that allow them to circumvent known controls, and things that we may do today, but in certain parts of our networks, we may not have those things enabled.\u201d<\/p>\n<p>Lastly, Salt Typhoon and its mimics have been turning to what\u2019s called <a href=\"https:\/\/cyberscoop.com\/tag\/living-off-the-land\/\">\u201cliving off the land\u201d<\/a> attacks, where attackers rely on legitimate tools that already exist in a victim\u2019s networks.<\/p>\n<p>\u201cThird thing that they are doing is using the actual administrative tools that we use to perform those functions, so [a lesson for potential victims is] making sure that those are locked down and you understand all the administrative tools that you have in your environment,\u201d Baich said. \u201cAll of that is because they\u2019re actually trying to be part of your network.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The combination of those techniques, as well as a dedication to covering and wiping their tracks to avoid digital forensics probes, means that \u201cwe have to be much more efficient operators,\u201d he said. \u201cWe have to think outside the box. It\u2019s not just about just having the technology; it\u2019s understanding how to use the technology and understanding how your technology can be used against us.\u201d<\/p>\n<p>Ironically, network defenders might be a victim of their own success, said Rob Joyce, the former cybersecurity director of the National Security Agency.<\/p>\n<p>Defenses for the most-used technology in society today \u2014 from mobile phones to web browsers \u2014 have gotten very good, Joyce said at the same conference. Vulnerability management, patch management, threat intelligence \u2014 all have bolstered defenses, he said.<\/p>\n<p>Because of that, \u201cit just takes exploits chained together in multiple paths to get to success,\u201d said Joyce, who now runs his own cybersecurity consulting firm.<\/p>\n<p>\u201cAll of that has advanced us,\u201d he said. \u201cAt the same time, we\u2019ve evolved the attackers through that activity. I think by calling out some of the bad behavior, by highlighting the things that have worked or not worked, we\u2019ve pushed people into new exploit methodology.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"author-card\" readability=\"7.7216117216117\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/09\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques-1.jpg?w=640&ssl=1\" alt=\"Tim Starks\"> <\/figure>\n<\/p><\/div>\n<div class=\"author-card__details\" readability=\"10.901098901099\">\n<h4 class=\"author-card__name\">Written by Tim Starks<\/h4>\n<p> Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: <a href=\"mailto:tim.starks@cyberscoop.com\">tim.starks@cyberscoop.com<\/a>. <\/div>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Telecom exec: Salt Typhoon inspiring other hackers to use unconventional<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2687,271,5063,1865,304,1375,2953,310,29,288],"tags":[2688,277,5064,1867,308,1376,2956,311,37,294],"class_list":["post-8006","post","type-post","status-publish","format-standard","hentry","category-att","category-china","category-endpoint-security","category-living-off-the-land","category-national-security-agency-nsa","category-rob-joyce","category-salt-typhoon","category-technology","category-telecommunications","category-threats","tag-att","tag-china","tag-endpoint-security","tag-living-off-the-land","tag-national-security-agency-nsa","tag-rob-joyce","tag-salt-typhoon","tag-technology","tag-telecommunications","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/att\/\" rel=\"category tag\">AT&T<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/endpoint-security\/\" rel=\"category tag\">endpoint security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/living-off-the-land\/\" rel=\"category tag\">living off the land<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/national-security-agency-nsa\/\" rel=\"category tag\">National Security Agency (NSA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/rob-joyce\/\" rel=\"category tag\">Rob Joyce<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/salt-typhoon\/\" rel=\"category tag\">Salt Typhoon<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/technology\/\" rel=\"category tag\">Technology<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/telecommunications\/\" rel=\"category tag\">Telecommunications<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8006","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8006"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8006\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8006"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8006,"date":"2025-09-22T15:54:41","date_gmt":"2025-09-22T20:54:41","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=86077"},"modified":"2025-09-22T15:54:41","modified_gmt":"2025-09-22T20:54:41","slug":"telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/09\/22\/telecom-exec-salt-typhoon-inspiring-other-hackers-to-use-unconventional-techniques\/","title":{"rendered":"Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques"},"content":{"rendered":"