Chinese state-sponsored threat groups Salt Typhoon and UNC4841 were discovered to have used 45 domains registered as early as May 2020 to facilitate cyberespionage operations, according to The Hacker News.
More than a third of the identified domains without legitimate addresses were registered using three Proton Mail email accounts, a report from Silent Push showed. Researchers also found that multiple domains were associated with high-density IP addresses, while others linked to low-density IP addresses were created as early as October 2021.
Such findings indicate that Salt Typhoon has long been conducting illicit cyber activity prior to last year's sweeping attacks against critical infrastructure.
"...[W]e strongly urge any organization that believes itself to be at risk of Chinese espionage to search its DNS logs for the past five years for requests to any of the domains in our archive feed, or their subdomains. It would also be prudent to check for requests to any of the listed IP addresses, particularly during the time periods in which this actor operated them," said Silent Push.
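The log review Silent Push recommends can be sketched as follows. This is an added example, not tooling from Silent Push or The Hacker News; the domains, IP address, operating period and log format are constructed placeholders. It matches queried names on whole-label suffixes so subdomains are caught without substring false positives, and counts an IP only inside the period the actor operated it.

```python
from datetime import datetime, timezone

# Constructed placeholders, not indicators from the Silent Push feed.
DOMAINS = {"bad-example.test", "c2.example.invalid"}
# IP -> (first seen, last seen) period in which the actor operated it.
IP_WINDOWS = {
    "203.0.113.7": (datetime(2021, 10, 1, tzinfo=timezone.utc),
                    datetime(2022, 3, 31, tzinfo=timezone.utc)),
}
# Constructed log lines: timestamp, client, queried name, answer IP.
LOG = """\
2021-11-02T08:15:00Z 10.0.0.5 update.bad-example.test. 203.0.113.7
2021-11-02T08:16:00Z 10.0.0.6 notbad-example.test 198.51.100.9
2023-01-10T12:00:00Z 10.0.0.7 www.example.org 203.0.113.7
2022-02-01T09:00:00Z 10.0.0.8 cdn.example.org 203.0.113.7
2024-05-05T10:00:00Z 10.0.0.9 C2.Example.Invalid 192.0.2.1
"""

def domain_hit(qname, domains):
    """Return the listed domain that qname equals or is a subdomain of."""
    labels = qname.lower().rstrip(".").split(".")
    # Compare whole label suffixes so "notbad-example.test" does not
    # match "bad-example.test" the way a substring search would.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def ip_hit(ip, when, windows):
    """True only if the IP was answered inside its listed period."""
    window = windows.get(ip)
    return window is not None and window[0] <= when <= window[1]

def scan(log_text, domains=DOMAINS, windows=IP_WINDOWS):
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, answer = parts
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        matched = domain_hit(qname, domains)
        if matched:
            hits.append((ts, client, "domain", matched))
        elif ip_hit(answer, when, windows):
            hits.append((ts, client, "ip", answer))
    return hits
```

The time-window check matters most for the high-density IP addresses mentioned above, where the same address serves unrelated sites outside the actor's period of use.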




