Coming soon | Advanced | Pro

Salt Typhoon: Telecom Carrier Espionage

A nation-state actor exploited a pre-authentication vulnerability in the IOS XE WebUI of an Axiom Carrier Services edge router, planted a flash-resident implant, and configured ERSPAN mirroring on the core switch to intercept subscriber traffic. Reconstruct the compromise from router syslog, perimeter firewall, and a PCAP capture spanning the initial exploit through credential exfiltration.

1h 30m
8 tasks
150 points
Pro

Launches Friday, July 3, 2026 at 9:00 AM

Pro unlocks this operation at launch.

Training Tools

SIEM, Firewall

What you'll investigate

8 objectives unlock when this operation goes live.

1. Locate the initial access vector
2. Identify the backdoor account
3. Confirm the persistence mechanism
4. Trace the primary C2 channel
5. Classify the secondary C2 technique
6. Identify the traffic interception method
7. Pin down the exfiltration endpoint
8. Attribute the credential access technique

Be first when it launches

Create your account and grab Pro before launch. The moment this operation goes live on Jul 3, 2026, you can jump straight in.
