
Chinese Hackers Exploit Citrix Flaw to Breach European Telecom

"Salt Typhoon exploits Citrix vulnerability in European telecom, using advanced malware techniques to bypass traditional detection methods."
Content Team

Chinese cyber group Salt Typhoon exploited a Citrix NetScaler Gateway vulnerability to infiltrate a European telecommunications company in July 2025. The hackers used advanced techniques including DLL sideloading and deployed SNAPPYBEE backdoor malware, hiding malicious code within legitimate antivirus software from Norton and other vendors.

Salt Typhoon, active since 2019, has targeted critical infrastructure across 80+ countries including telecommunications, energy, and government systems. The group used SoftEther VPN to mask their location and established communication with command-and-control servers.

Darktrace researchers identified the attack through behavioral anomalies, emphasizing that traditional signature-based detection isn't enough against sophisticated state-sponsored groups that blend into normal network operations.
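A behavioral check for the DLL sideloading pattern described above, as an added example that is not from the article or from Darktrace: it flags a tracked vendor executable that loads an unsigned DLL from its own directory, and rates the finding higher when the executable runs outside its normal install path. The `ExampleAV` product, the baseline inventory, the hosts and the sample events are constructed; the event field names are modelled on Sysmon image-load records.

```python
from pathlib import PureWindowsPath

# Assumption: inventory of signed vendor executables and their normal install directory.
BASELINE = {"avsvc.exe": PureWindowsPath(r"C:\Program Files\ExampleAV")}

# Constructed image-load events ("Signed" refers to the loaded DLL).
EVENTS = [
    {"host": "ws-01", "Image": r"C:\Program Files\ExampleAV\avsvc.exe",
     "ImageLoaded": r"C:\Program Files\ExampleAV\avcore.dll", "Signed": True},
    {"host": "ws-02", "Image": r"C:\ProgramData\Cache\avsvc.exe",
     "ImageLoaded": r"C:\ProgramData\Cache\avcore.dll", "Signed": False},
    {"host": "ws-02", "Image": r"C:\ProgramData\Cache\avsvc.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": True},
    {"host": "ws-03", "Image": r"C:\Program Files\ExampleAV\avsvc.exe",
     "ImageLoaded": r"C:\Program Files\ExampleAV\avhelper.dll", "Signed": False},
    {"host": "ws-04", "Image": r"C:\Users\bob\AppData\Local\Tool\tool.exe",
     "ImageLoaded": r"C:\Users\bob\AppData\Local\Tool\plugin.dll", "Signed": False},
]

def sideload_findings(events, baseline=BASELINE):
    """Return one finding per suspicious load by a tracked vendor executable."""
    findings = []
    for ev in events:
        exe = PureWindowsPath(ev["Image"])        # Windows paths compare case-insensitively
        dll = PureWindowsPath(ev["ImageLoaded"])
        expected_dir = baseline.get(exe.name.lower())
        if expected_dir is None:
            continue  # not a tracked vendor binary; out of scope for this rule
        colocated = dll.parent == exe.parent
        if ev["Signed"] or not colocated:
            continue  # signed DLLs and system-directory loads are expected behavior
        # A trusted binary copied elsewhere, next to an unsigned DLL, is the strongest signal.
        relocated = exe.parent != expected_dir
        findings.append({
            "host": ev["host"],
            "severity": "high" if relocated else "medium",
            "image": str(exe),
            "dll": str(dll),
        })
    return findings

if __name__ == "__main__":
    for finding in sideload_findings(EVENTS):
        print(finding)
```

The rule keys on where a trusted binary runs and what it loads rather than on a file hash, so it needs an accurate baseline of vendor install paths to keep false positives down.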

Source: Infosecurity Magazine
