CISA’s August Advisory: Why You Need Post-Compromise Detection

August 28, 2025
Lucie Cardiet
Cyberthreat Research Manager

Last December, the release of joint guidance from CISA and its partners made clear that Chinese state-sponsored groups were systematically targeting telecommunications providers. That campaign, tracked in the industry as Salt Typhoon, exposed how deeply adversaries could entrench themselves within the networks that carry the world’s most sensitive communications.

On August 27, 2025, the same coalition of international security agencies issued an even more sobering advisory. This time, the warning goes far beyond telcos. The findings show that Chinese advanced persistent threat (APT) actors are compromising a wide range of critical infrastructure, from government and military networks to transportation and lodging systems, feeding data into what officials describe as a global espionage system.

The picture is no longer about isolated incidents against one sector. It is about persistent, stealthy access across the backbone of international communications and services. For defenders, the lesson is clear: hardening steps are necessary, but on their own, they are not enough. Persistent attackers with global reach require post-compromise visibility and detection to prevent long-term espionage and data theft.

What’s New in the August 2025 Advisory

The August 27 advisory from CISA, NSA, FBI, and more than a dozen international partners outlines a broader, more aggressive campaign than what was described in December 2024. Three shifts stand out:

1. Expansion beyond telecommunications.

While Salt Typhoon focused primarily on the communications sector, this latest report shows Chinese state-sponsored actors compromising a wider range of infrastructure worldwide. Targets now include government agencies, transportation systems, lodging networks, and even military environments. The scope is global, with activity observed across the United States, Europe, Asia, and beyond.

2. Unified attribution to a global espionage system.

Industry has long tracked pieces of this activity under names like Salt Typhoon, RedMike, GhostEmperor, and UNC5807. The advisory makes clear these are not isolated groups but part of one sustained campaign designed to establish persistent, long-term access and funnel intelligence into a centralized espionage system.

3. Emphasis on persistence and stealth over exploitation.

Exploiting known CVEs in edge devices remains a hallmark tactic, with repeated abuse of Cisco IOS XE, Ivanti, and Palo Alto vulnerabilities. But the advisory devotes significant attention to how attackers entrench themselves after initial access. In plain terms, once they’re inside, they work hard to stay hidden and keep the door open. Here’s what that looks like:

  • Modifying access control lists (ACLs):
    ACLs are the "guest list" for device management. The actors add permit entries for their own source addresses to the ACLs that gate administrative access, and in some cases open non-standard ports, so they can reconnect over ordinary admin protocols even after the original exploit path has been patched.
  • Harvesting credentials from TACACS+ and RADIUS traffic:
    These protocols carry administrator logins to network devices. The actors configure packet captures on compromised devices to quietly record that traffic. TACACS+ obfuscates the packet body with an MD5 keystream derived from a shared secret, and RADIUS hides only the password attribute in much the same way; both secrets live in the device configuration that the actors also collect, so a capture plus the config yields working administrator credentials that can be reused later (like overhearing a password at the door and using it later).
  • Establishing GRE or IPsec tunnels:
    To move stolen data and keep a return path, the actors build tunnels from compromised devices to infrastructure they control. GRE is not encrypted, but it wraps the inner traffic so that flow-level monitoring sees only one long-lived session between two routers; IPsec adds encryption on top. Either way the traffic resembles an ordinary site-to-site link, which makes exfiltration hard to spot.
  • Abusing Cisco Guest Shell to stage tools:
    Guest Shell is a legitimate Linux container that runs inside Cisco devices (IOS XE among them). The actors use it to run scripts and packet captures, store collected data, and install additional software. Because activity inside the container is rarely logged or monitored, it gives them a hidden workshop on the device itself.

Taken together, these methods allow adversaries to disappear into the fabric of the network. Even if defenders patch vulnerabilities or tighten configurations, attackers often still have a way to sneak back in.
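
The four artifacts above all leave traces in the device's running configuration, which is why a golden-config comparison is one of the cheapest post-compromise checks available. The following is an added example, not code from the original post, from Vectra, or from the advisory: it diffs a trusted baseline against the current Cisco IOS-style config and maps each suspicious addition to the ATT&CK technique it most closely matches. The configs, the trusted management range (10.0.0.0/8), the known tunnel peer and the technique labels are all assumptions for the demo; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for attacker infrastructure.

```python
"""Golden-config audit for the persistence artifacts listed above.

Added example, not from the advisory or the original post. It diffs a
trusted baseline against the current running-config of a Cisco IOS-style
device and flags what an operator would want in a ticket. Both configs
are constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation
ranges standing in for attacker infrastructure.
"""
import ipaddress
import re
from dataclasses import dataclass

# Assumed policy inputs; in practice these come from IPAM / the CMDB.
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.0.0.0/8")]
KNOWN_TUNNEL_PEERS = {"10.200.0.1"}

# Source of a permit entry: "host A.B.C.D", "A.B.C.D wildcard" or "any".
ACL_PERMIT = re.compile(
    r"^permit\s+\S+\s+(?:host\s+(?P<host>\S+)"
    r"|(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<wild>\d+\.\d+\.\d+\.\d+)|(?P<any>any))")


@dataclass(frozen=True)
class Finding:
    technique: str  # ATT&CK technique from the mapping above
    context: str    # enclosing config section, "" for global lines
    line: str
    reason: str


def _lines_in_context(config):
    """Yield (section, line); IOS indents sub-commands one space, '!' ends a section."""
    header = ""
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw.startswith(" "):
            yield header, raw.strip()
        else:
            header = raw.strip()
            yield "", header


def _source_network(m):
    if m.group("host"):
        return ipaddress.ip_network(m.group("host") + "/32")
    if m.group("addr"):  # ipaddress accepts Cisco wildcard (host) masks directly
        return ipaddress.ip_network(f"{m['addr']}/{m['wild']}", strict=False)
    return ipaddress.ip_network("0.0.0.0/0")


def _classify(ctx, line, trusted_nets, known_peers):
    m = ACL_PERMIT.match(line)
    if m:
        src = _source_network(m)
        if any(src.subnet_of(t) for t in trusted_nets):
            return None
        return Finding("T1562 Impair Defenses", ctx, line, f"ACL permit for untrusted source {src}")
    if line.startswith("tunnel destination "):
        peer = line.split()[-1]
        return None if peer in known_peers else Finding(
            "T1572 Protocol Tunneling", ctx, line, f"tunnel to unknown peer {peer}")
    if line == "iox" or "guestshell" in line:
        return Finding("T1610 Deploy Container", ctx, line, "IOx / Guest Shell app hosting enabled")
    if line.startswith("username "):
        return Finding("T1136 Create Account", ctx, line, f"new local account {line.split()[1]}")
    if line.startswith("ip ssh port "):
        return Finding("T1571 Non-Standard Port", ctx, line, "SSH moved to a non-standard port")
    return None


def audit_config(baseline, current, trusted_nets=TRUSTED_MGMT_NETS, known_peers=KNOWN_TUNNEL_PEERS):
    """Findings for lines present in `current` but absent from `baseline`."""
    known = set(_lines_in_context(baseline))
    findings = []
    for ctx, line in _lines_in_context(current):
        if (ctx, line) not in known:
            f = _classify(ctx, line, trusted_nets, known_peers)
            if f:
                findings.append(f)
    return findings


# Constructed baseline (the trusted golden config).
BASELINE_CONFIG = """\
username netops privilege 15 secret 9 $9$REDACTED
!
ip access-list extended MGMT-ACL
 permit tcp 10.0.0.0 0.255.255.255 any eq 22
 deny ip any any log
!
interface Tunnel10
 tunnel destination 10.200.0.1
!
line vty 0 4
 access-class MGMT-ACL in
!
"""

# Constructed "current" config: the baseline plus what an intruder left behind.
CURRENT_CONFIG = BASELINE_CONFIG.replace(
    "!\nip access-list extended MGMT-ACL\n",
    "username svc_backup privilege 15 secret 9 $9$REDACTED2\n!\niox\n"
    "!\nip ssh port 2222 rotary 1\n!\nip access-list extended MGMT-ACL\n"
    " permit tcp host 203.0.113.45 any eq 22\n",
).replace(
    "!\nline vty 0 4\n",
    "!\ninterface Tunnel99\n tunnel mode gre ip\n"
    " tunnel destination 198.51.100.7\n!\nline vty 0 4\n",
)

if __name__ == "__main__":
    for f in audit_config(BASELINE_CONFIG, CURRENT_CONFIG):
        print(f"{f.technique:26} [{f.context or 'global'}] {f.line}  <- {f.reason}")
```

Run stand-alone it prints five findings: the new local account, IOx enablement, SSH on port 2222, the ACL permit for 203.0.113.45 and the GRE tunnel to 198.51.100.7. Only lines absent from the baseline are examined, so a legitimate, long-standing permit for the corporate management range produces nothing; the same comparison run on each config-change syslog event turns this from a periodic audit into a near-real-time detection.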

TTPs used by Chinese APTs, by MITRE ATT&CK tactic:

  • Reconnaissance (TA0043): T1590 Gather Victim Network Information; T1595 Active Scanning
  • Resource Development (TA0042): T1583 Acquire Infrastructure; T1584 Compromise Infrastructure; T1588 Obtain Capabilities
  • Initial Access (TA0001): T1190 Exploit Public-Facing Application; T1199 Trusted Relationship
  • Execution (TA0002): T1059 Command and Scripting Interpreter; T1569 System Services; T1609 Container Administration Command
  • Persistence (TA0003): T1098 Account Manipulation; T1136 Create Account; T1543 Create or Modify System Process
  • Privilege Escalation (TA0004): T1068 Exploitation for Privilege Escalation
  • Defense Evasion (TA0005): T1027 Obfuscated Files or Information; T1070 Indicator Removal; T1562 Impair Defenses; T1599 Network Boundary Bridging; T1610 Deploy Container
  • Credential Access (TA0006): T1003 OS Credential Dumping; T1040 Network Sniffing; T1110 Brute Force; T1556 Modify Authentication Process
  • Discovery (TA0007): T1016 System Network Configuration Discovery; T1082 System Information Discovery
  • Lateral Movement (TA0008): T1021 Remote Services
  • Collection (TA0009): T1005 Data from Local System; T1560 Archive Collected Data; T1602 Data from Configuration Repository
  • Command and Control (TA0011): T1071 Application Layer Protocol; T1090 Proxy; T1095 Non-Application Layer Protocol; T1571 Non-Standard Port; T1572 Protocol Tunneling
  • Exfiltration (TA0010): T1048 Exfiltration Over Alternative Protocol

Limitations of Prevention Alone

The advisory provides pages of detailed hardening guidance: patch devices against known vulnerabilities, restrict management protocols, enforce strong authentication, and disable unused services. These steps are critical, but they are not sufficient on their own.

You can patch a CVE, but you can’t patch stolen credentials.

Why prevention is not enough:

  1. Attackers exploit existing weaknesses.
    The advisory stresses that actors have had “considerable success” with known CVEs. Even when organizations patch quickly, adversaries often find unpatched systems or exploit lagging updates in complex environments.
  2. Persistence mechanisms bypass hardening.
    Once attackers establish tunnels, modify ACLs, or harvest credentials, simply closing the initial exploit path doesn’t remove them. Hardened perimeters cannot undo persistence already embedded inside the environment.
  3. Credential theft undermines secure access controls.
    By collecting TACACS+ or RADIUS traffic, attackers can log in as legitimate administrators. To defenders monitoring only for “unauthorized” logins, this activity looks normal, making it nearly impossible to stop with prevention alone.
  4. Visibility gaps allow adversaries to linger.
    The advisory itself acknowledges that initial access vectors often remain unknown, meaning organizations may not even realize how attackers got in. Without continuous monitoring and correlation of activity, adversaries can remain hidden for months or years.

The message is clear: prevention reduces exposure but does not eliminate the threat. Against highly resourced, state-sponsored actors, defenders must plan for compromise and invest in capabilities that can identify attacker behavior after the breach has already happened.
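
The "you can't patch stolen credentials" point is easiest to see with TACACS+ itself. The following is an added example, not code from the original post, from Vectra, or from the advisory: it builds a TACACS+ PAP authentication START packet the way a network device would, obfuscates the body as RFC 8907 section 4.5 specifies, and then recovers the username and password the way an attacker holding both a packet capture and the shared secret would. The username, password, session id and key are constructed for the demo; RADIUS is not covered, but its password hiding rests on the same shared-secret-plus-MD5 construction.

```python
"""TACACS+ body obfuscation (RFC 8907, section 4.5) shown end to end.

Added example, not from the advisory or the original post. The packet,
the session id and the shared key are constructed. The point: the body
is XORed with an MD5 keystream derived from the shared secret, so a
capture of the authentication START plus the secret (which is stored in
the device configuration) gives up the administrator's password.
"""
import hashlib
import struct

TAC_PLUS_VERSION_PAP = 0xC1     # major 0xC, minor 1 (minor 1 is required for PAP)
TAC_PLUS_AUTHEN = 0x01          # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01
TAC_PLUS_AUTHEN_LOGIN = 0x01
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01
HEADER = "!BBBBII"              # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """pad_1 = MD5(session_id | key | version | seq_no);
    pad_n = MD5(session_id | key | version | seq_no | pad_{n-1}); concatenated."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pseudo pad; the same call reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(username, password, session_id, key,
                       port=b"tty2", rem_addr=b"10.0.0.5"):
    """What a network device sends to the TACACS+ server for a PAP login."""
    user, data = username.encode(), password.encode()
    body = struct.pack("!8B", TAC_PLUS_AUTHEN_LOGIN, 15, TAC_PLUS_AUTHEN_TYPE_PAP,
                       TAC_PLUS_AUTHEN_SVC_LOGIN, len(user), len(port),
                       len(rem_addr), len(data)) + user + port + rem_addr + data
    seq_no = 1  # START is always the first packet of a session
    header = struct.pack(HEADER, TAC_PLUS_VERSION_PAP, TAC_PLUS_AUTHEN,
                         seq_no, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, TAC_PLUS_VERSION_PAP, seq_no)


def recover_credentials(packet, key):
    """What an attacker does with a packet capture plus the shared key."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack(HEADER, packet[:12])
    if ptype != TAC_PLUS_AUTHEN or seq_no != 1:
        raise ValueError("not an authentication START packet")
    body = packet[12:12 + length]
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    ulen, plen, rlen, dlen = body[4:8]        # the four length fields
    user = body[8:8 + ulen]
    start = 8 + ulen + plen + rlen
    data = body[start:start + dlen]           # for PAP, data is the password
    return user.decode(errors="replace"), data.decode(errors="replace")


if __name__ == "__main__":
    key = b"tacacs-key-from-running-config"  # constructed shared secret
    pkt = build_authen_start("netops", "Sup3rS3cret!", 0x1A2B3C4D, key)
    print("on the wire :", pkt.hex())
    print("with the key:", recover_credentials(pkt, key))
    print("wrong key   :", recover_credentials(pkt, b"guess"))
```

With the right key the password comes straight back; with the wrong key the same function returns noise, which is the whole protection. Because the secret sits in cleartext (or reversibly encoded) in the device configuration that these actors also collect, the practical defences are to keep AAA traffic off attacker-reachable paths (a dedicated management VRF, and an encrypted transport such as IPsec for the TACACS+ or RADIUS session), to rotate shared secrets and administrator passwords after any suspected device compromise, and to alert on packet-capture sessions being started on network devices.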

The Post-Compromise Imperative

If the August advisory teaches defenders anything, it’s that hardening and patching are only part of the answer. When adversaries are this determined, the assumption must shift: at some point, they will get inside. The challenge becomes detecting them quickly, limiting their dwell time, and stopping exfiltration before lasting damage is done.

What post-compromise security means in practice:

  1. Continuous visibility.
    Attackers deliberately blend into normal traffic by tunneling over GRE or IPsec, or by using legitimate administrative accounts. Post-compromise detection requires always-on monitoring of traffic, authentications, and device activity—not just a reliance on perimeter defenses.
  2. Behavioral detection, not just signatures.
    Because these actors exploit known CVEs and then hide in encrypted tunnels, rule-based prevention and static signatures often miss them. Security teams need to detect the behavior of persistence (such as unusual ACL changes, unexpected tunnels, or new accounts) rather than waiting for a known exploit pattern to appear.
  3. Correlated insights.
    A single abnormal login may look benign. But when combined with unusual routing table changes and encrypted file transfers, it forms a clear attack narrative. Correlation across network, identity, and device telemetry is essential to uncover hidden campaigns.
  4. Faster response.
    Once attackers gain persistence, time works in their favor. The advisory shows they maintain multiple backdoors and pivot across trusted connections . Rapid detection and triage are the only way to cut them off before they exfiltrate sensitive communications or credentials.

In short, prevention slows adversaries down, but only post-compromise visibility ensures they can’t operate undetected once inside. For organizations targeted in these campaigns, that capability is the difference between catching an intrusion early and unknowingly contributing to a global espionage system.
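
What "correlated insights" looks like in code is simpler than it sounds: normalize events from each telemetry source onto a common device key, group them in time, and count how many distinct stages of an intrusion the group covers. The following is an added example, not code from the original post or from any product: the event kinds, the stage and technique labels, the 24-hour window, the three-stage threshold and all of the sample events are assumptions constructed for the demo.

```python
"""Correlating identity, device and network telemetry into one narrative.

Added example, not the original post's text or any vendor's logic. Each
normalized event kind maps to one stage of the intrusion; a device whose
events within a 24-hour window span several distinct stages becomes a
narrative worth triage, while a lone ACL change or login stays below
the threshold. All events below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    ts: datetime
    source: str   # identity | device | network
    device: str   # correlation key: the network device involved
    kind: str     # normalized event kind
    detail: str


# Kinds that tell part of the story, with the technique they map to.
# Kinds absent here (routine logins, link flaps) never contribute.
STAGES = {
    "admin_login_new_source": ("access", "T1021 Remote Services"),
    "config_pulled": ("collection", "T1602 Data from Configuration Repository"),
    "acl_permit_added": ("defense-evasion", "T1562 Impair Defenses"),
    "tunnel_interface_added": ("persistence", "T1572 Protocol Tunneling"),
    "gre_flow_unknown_peer": ("command-and-control", "T1095 Non-Application Layer Protocol"),
}


@dataclass
class Narrative:
    device: str
    start: datetime
    end: datetime
    stages: tuple      # distinct stages in order of first appearance
    techniques: tuple
    events: tuple


def cluster_by_device(events, window=timedelta(hours=24)):
    """Group stage-bearing events per device; a new cluster starts when an
    event falls more than `window` after the cluster's first event."""
    per_device = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if e.kind in STAGES:
            per_device[e.device].append(e)
    clusters = []
    for evs in per_device.values():
        current = [evs[0]]
        for e in evs[1:]:
            if e.ts - current[0].ts <= window:
                current.append(e)
            else:
                clusters.append(current)
                current = [e]
        clusters.append(current)
    return clusters


def build_narratives(events, window=timedelta(hours=24), min_stages=3):
    """One narrative per cluster that spans at least `min_stages` stages."""
    narratives = []
    for evs in cluster_by_device(events, window):
        stages, techs = [], []
        for e in evs:
            stage, tech = STAGES[e.kind]
            if stage not in stages:
                stages.append(stage)
                techs.append(tech)
        if len(stages) >= min_stages:
            narratives.append(Narrative(evs[0].device, evs[0].ts, evs[-1].ts,
                                        tuple(stages), tuple(techs), tuple(evs)))
    return narratives


def _t(day, hour, minute):
    return datetime(2025, 8, day, hour, minute)


# Constructed telemetry: one intrusion on edge-router-1 plus unrelated noise.
SAMPLE_EVENTS = [
    Event(_t(25, 2, 10), "identity", "edge-router-1", "admin_login_new_source", "netops from 203.0.113.45"),
    Event(_t(25, 2, 11), "device", "edge-router-1", "config_pulled", "show running-config on vty0"),
    Event(_t(25, 2, 12), "device", "edge-router-1", "acl_permit_added", "MGMT-ACL permit host 203.0.113.45"),
    Event(_t(25, 2, 14), "device", "edge-router-1", "tunnel_interface_added", "Tunnel99 -> 198.51.100.7"),
    Event(_t(25, 2, 40), "network", "edge-router-1", "gre_flow_unknown_peer", "proto 47 to 198.51.100.7, 41 MB"),
    Event(_t(20, 9, 0), "identity", "edge-router-1", "admin_login_new_source", "netops from new VPN pool 10.9.0.12"),
    Event(_t(24, 15, 30), "device", "edge-router-7", "acl_permit_added", "change ticket CHG-1042"),
    Event(_t(25, 8, 0), "identity", "core-sw-2", "admin_login_known_source", "netops from 10.1.1.1"),
]

if __name__ == "__main__":
    for n in build_narratives(SAMPLE_EVENTS):
        print(f"{n.device}: {n.start:%b %d %H:%M} to {n.end:%H:%M}, {len(n.events)} events")
        for stage, tech in zip(n.stages, n.techniques):
            print(f"  {stage:20} {tech}")
```

Run as-is it produces exactly one narrative, for edge-router-1, spanning five stages in thirty minutes. The earlier login on the same router from a new VPN pool and the ticketed ACL change on edge-router-7 each form a one-stage cluster and never surface, which is the behaviour you want: any single one of these events is routine, and it is the combination on one device inside one window that makes the story. In production the device key would usually be joined with the account and the source address so that one operator touching several devices in sequence is also visible as one narrative.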

Closing the Gaps with Vectra AI

The August advisory makes it clear: Chinese state-sponsored actors are not launching one-off attacks. They are building a persistent espionage system inside global networks. Hardening steps are essential, but once attackers are inside, prevention alone cannot remove them.

This is where the Vectra AI Platform provides the critical missing layer:

  • Detects persistence tactics like privilege changes, hidden tunnels, and credential misuse
  • Correlates user, host, and device activity into clear threat narratives across network, cloud and identity
  • Surfaces attacker behavior hidden in encrypted or trusted traffic
  • Identifies abuse of legitimate tools such as Cisco Guest Shell and VPN sessions
  • Integrates with existing technology stack (like EDR and SOAR) to enrich alerts and accelerate response
  • Prioritizes detections that map directly to the TTPs described in the advisory

By closing detection and response gaps, Vectra AI ensures adversaries cannot remain hidden, even after they’ve breached preventive defenses.

State-sponsored attackers are playing the long game. With post-compromise detection, you can shorten it dramatically.

→ Watch a self-guided demo of the Vectra AI Platform to see how.
