Massive Global Espionage Operation

State-sponsored cyber actors conducted an unprecedented global espionage campaign in 2024, with operations spanning 155 countries and targeting critical infrastructure, government networks, and defense organizations. The campaign, designated 'Shadow Campaigns,' represented one of the largest documented cyber espionage operations in recent history.

Salt Typhoon Telecommunications Breach

Chinese state-sponsored actors operating under the Salt Typhoon designation achieved a massive intelligence breakthrough by infiltrating major U.S. telecommunications providers, including Verizon and AT&T. The operation compromised telecommunications infrastructure, potentially providing access to communications metadata and enabling surveillance capabilities against high-value targets, including government officials and private citizens.

RedNovember Global Targeting

A separate Chinese APT group, designated RedNovember, conducted systematic targeting of government, defense, and technology organizations worldwide between December 2024. The campaign utilized legitimate tools and living-off-the-land techniques to maintain persistence within target networks while avoiding detection by traditional security measures.

Multi-Sector Infrastructure Targeting

The coordinated campaigns targeted diverse critical infrastructure sectors, including energy, telecommunications, defense manufacturing, and government networks. Operations specifically focused on Brazil's Ministry of Mines and Energy, Bolivian mining entities, Mexican government ministries, and numerous defense contractors across multiple continents.

Advanced Persistent Threat Evolution

The 2024 operations demonstrated significant evolution in APT group tactics, incorporating cloud-based command and control infrastructure, legitimate tool abuse, and collaborative operational models. Threat actors increasingly relied on PowerShell, remote desktop protocols, and other legitimate administrative tools to conduct espionage while blending with normal network traffic.

Intelligence Community Response

U.S. intelligence agencies documented the scope and sophistication of these operations through comprehensive threat assessments and public attributions. The campaigns highlighted the need for enhanced critical infrastructure protection and international cooperation in cybersecurity defense against state-sponsored threats.