Defending Critical Infrastructure Against APTs like Salt Typhoon 

State‑sponsored threats linked to groups such as the Salt Typhoon cluster have been compromising telecom, government, transportation, lodging, and military networks worldwide. These APTs exploit known vulnerabilities in routers and edge devices, modify network infrastructure to maintain long‑term persistence, and use compromised backbone systems to pivot deeper into internal environments.  

Their objective is long‑term espionage, surveillance capability, and access to critical systems that nations and industries depend on. 

This Knowledge Sprint will explore how organisations can counter these cyber‑espionage campaigns using advanced threat hunting, proactive detection, and tools designed to identify APT activity where traditional controls fall short. 

Key Topics

Why EDR Is Not Enough 
Endpoint tools cannot see APT activity occurring on routers, backbone telecommunications equipment, provider‑edge devices, or network infrastructure that sits outside endpoint visibility.  

How APTs Evade Detection 
State‑sponsored groups maintain persistence by modifying routing, exploiting widely known vulnerabilities, mirroring traffic, and abusing trusted connections. 

Hunting APTs with Crystal Eye 
We will showcase how Red Piranha’s platform delivers threat hunting capabilities built into the product, including:

• Intrusion Detection and Prevention 
• Threat Dashboard views tailored for APT indicators 
• Cyber Threat Intelligence in Orchestrate  
• Secure Web Gateway protections 
• PECA (Passive Encryption Control Application) for encrypted traffic visibility and early compromise assessment 

Why Threat Hunting Matters for Critical Infrastructure 
Critical infrastructure organisations are key targets of these espionage campaigns, with Salt Typhoon specifically focusing on telecom backbone routers and other essential networks. 

SOC Support for Escalated Threat Hunting 
Red Piranha’s SOC team provides the expertise needed to continuously hunt, validate signals, and coordinate response actions against state‑sponsored intrusion activity.