
COMING SOON | Advanced | PRO
Salt Typhoon: Telecom Carrier Espionage
A nation-state actor exploited a pre-authentication vulnerability in the IOS XE WebUI of an Axiom Carrier Services edge router, planted a flash-resident implant, and configured ERSPAN mirroring on the core switch to intercept subscriber traffic. Reconstruct the compromise from router syslog, perimeter firewall logs, and a packet capture spanning the initial exploit through credential exfiltration.
1h 30m
8 tasks
150 points
Pro | Launches tomorrow
Jul 3, 2026
Friday, July 3, 2026 at 9:00 AM
Pro unlocks this operation at launch.
Training Tools
SIEM, Firewall
What you'll investigate
8 objectives unlock when this operation goes live.
1. Locate the initial access vector
2. Identify the backdoor account
3. Confirm the persistence mechanism
4. Trace the primary C2 channel
5. Classify the secondary C2 technique
6. Identify the traffic interception method
7. Pin down the exfiltration endpoint
8. Attribute the credential access technique