Ep 11 - Salt Typhoon Exposed: Breaking Down CISA Advisory AA25-239

In this special episode of The Cyber Resilience Brief, Tova Dvorin and Adrian Culley break down CISA Advisory AA25-239—a joint alert from CISA, NSA, FBI, and global cyber partners on the long-running Chinese state-sponsored threat group Salt Typhoon.

Salt Typhoon has been quietly infiltrating critical infrastructure for years by exploiting outdated routers and weak credentials, and by relying on “living off the land” techniques such as PowerShell, WMI, scheduled tasks, and other built-in administrative tools that blend in with normal administration—making the group nearly invisible.

In this episode, you’ll learn:

  • The key TTPs and IOCs highlighted in the advisory
  • How router exploitation, credential hijacking, and stealthy exfiltration enable long-term access
  • Why traditional detection struggles to identify state-sponsored dwell time

What to implement now:

  • Immediate patching & router hardening
  • MFA everywhere (no exceptions)
  • Network segmentation to limit impact
  • Continuous monitoring for lateral movement & persistence
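As an added illustration of the “continuous monitoring for persistence and lateral movement” item, and of the living-off-the-land techniques named above (scheduled tasks, WMI), here is a small detection pass over constructed Windows log records. This is example code written for these notes, not tooling from the advisory or the podcast. It assumes events arrive as JSON lines with fields modelled on the Security log (event 4698 scheduled task created, 4624 logon) and Sysmon (event 20 WMI event consumer activity); the sample lines, thresholds and regexes are invented here and are not IoCs from AA25-239.

```python
import json
import re
from collections import defaultdict

# Constructed sample events (JSON lines, Security-log and Sysmon style fields).
# Invented for this example only; not indicators from CISA Advisory AA25-239.
SAMPLE_LOGS = r'''
{"EventID": 4698, "Computer": "fs01", "SubjectUserName": "svc_backup", "TaskName": "\\Microsoft\\Windows\\Updater", "Command": "powershell.exe", "Arguments": "-nop -w hidden -enc SQBFAFgA"}
{"EventID": 4698, "Computer": "fs01", "SubjectUserName": "admin", "TaskName": "\\Backup\\Nightly", "Command": "C:\\Program Files\\Backup\\backup.exe", "Arguments": "/full"}
{"EventID": 20, "Computer": "ws07", "User": "CORP\\jsmith", "Name": "SystemCheck", "Type": "CommandLineEventConsumer", "Destination": "cmd.exe /c C:\\Users\\Public\\u.bat"}
{"EventID": 4624, "Computer": "ws01", "TargetUserName": "svc_backup", "LogonType": 3, "IpAddress": "10.1.1.50"}
{"EventID": 4624, "Computer": "ws02", "TargetUserName": "svc_backup", "LogonType": 3, "IpAddress": "10.1.1.50"}
{"EventID": 4624, "Computer": "fs01", "TargetUserName": "svc_backup", "LogonType": 3, "IpAddress": "10.1.1.50"}
{"EventID": 4624, "Computer": "ws02", "TargetUserName": "jsmith", "LogonType": 2, "IpAddress": "-"}
'''

# Built-in binaries commonly driven by scheduled tasks in living-off-the-land abuse.
LOLBIN_RE = re.compile(
    r"(?:^|\\)(powershell|pwsh|cmd|wscript|cscript|mshta|rundll32|regsvr32)(?:\.exe)?$", re.I)
# Argument fragments that hide or encode what a task actually runs.
OBFUSCATION_RE = re.compile(r"-e(?:nc(?:odedcommand)?)?\b|hidden|FromBase64String|IEX|DownloadString", re.I)
# Task binaries living in user-writable locations rather than Program Files / System32.
USER_WRITABLE_RE = re.compile(r"\\(Users\\Public|AppData|Temp|ProgramData)\\", re.I)
# Sysmon event 20 consumer types that execute code when a WMI filter fires.
WMI_CONSUMER_TYPES = {"CommandLineEventConsumer", "ActiveScriptEventConsumer"}


def parse_events(text):
    """Parse JSON-lines text into a list of event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def suspicious_scheduled_task(ev):
    """Return a finding for a 4698 task that looks like LOTL persistence, else None."""
    if ev.get("EventID") != 4698:
        return None
    cmd, args = ev.get("Command", ""), ev.get("Arguments", "")
    reasons = []
    if LOLBIN_RE.search(cmd) and OBFUSCATION_RE.search(args):
        reasons.append("LOLBin with hidden/encoded arguments")
    if USER_WRITABLE_RE.search(cmd):
        reasons.append("task binary in user-writable path")
    if not reasons:
        return None
    return {"rule": "scheduled_task_persistence", "host": ev["Computer"],
            "detail": f"{ev['TaskName']} by {ev['SubjectUserName']}: " + "; ".join(reasons)}


def wmi_persistence(ev):
    """Return a finding for a Sysmon 20 event registering a code-executing consumer."""
    if ev.get("EventID") != 20 or ev.get("Type") not in WMI_CONSUMER_TYPES:
        return None
    return {"rule": "wmi_event_consumer", "host": ev["Computer"],
            "detail": f"{ev['Type']} '{ev['Name']}' -> {ev['Destination']}"}


def lateral_spread(events, threshold=3):
    """Flag one account logging on over the network to many hosts from one source."""
    hosts = defaultdict(set)
    for ev in events:
        if ev.get("EventID") == 4624 and ev.get("LogonType") in (3, 10):
            hosts[(ev["TargetUserName"], ev["IpAddress"])].add(ev["Computer"])
    return [{"rule": "lateral_movement_fanout", "host": ",".join(sorted(h)),
             "detail": f"{user} from {src} reached {len(h)} hosts"}
            for (user, src), h in hosts.items() if len(h) >= threshold]


def detect(events, threshold=3):
    """Run all checks and return the list of findings (empty if nothing matched)."""
    findings = []
    for ev in events:
        for check in (suspicious_scheduled_task, wmi_persistence):
            finding = check(ev)
            if finding:
                findings.append(finding)
    findings.extend(lateral_spread(events, threshold))
    return findings


if __name__ == "__main__":
    for f in detect(parse_events(SAMPLE_LOGS)):
        print(f"[{f['rule']}] {f['host']}: {f['detail']}")
```

The point of the per-event checks is that the task and WMI subscription are legitimate Windows features, so the signal is not the event itself but its context: the binary being a shell interpreter with encoded or hidden arguments, or the payload sitting in a user-writable directory. The fan-out check is the simplest form of lateral-movement baselining; in production the threshold would be set per account against historical behaviour and the window bounded in time.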

How to defend proactively:

  • Breach and Attack Simulation (BAS)
  • Adversarial Exposure Validation (AEV)
  • Continuous Automated Red Teaming (CART)