// 01Executive summary

Threat actors are increasingly running broad, coordinated campaigns that cause business disruption across many sectors. One notable APT group, Salt Typhoon, has targeted critical infrastructure worldwide, including US telecommunications, energy, healthcare, and government systems. Its primary means of initial access is the extensive use of compromised credentials; because these logins use valid accounts, they look like ordinary user activity and are difficult for defenders to separate from it. The group's use of public cloud infrastructure compounds the problem, since traffic to and from well-known cloud providers is hard to distinguish from legitimate workloads. Organizations should therefore prioritize robust credential management and strengthen monitoring of authentication and cloud activity so that anomalous use of valid accounts is caught before it causes operational impact.
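The summary's point that valid-credential logins blend in with normal activity is best illustrated by the kind of baseline check that catches them anyway. The following is an added example, not code from the report or from any of the cited sources. It assumes a simple JSON-lines authentication log (fields `ts`, `user`, `src`, `result`), uses RFC 5737 documentation prefixes as a stand-in for a real hosting/cloud-provider range feed, and picks arbitrary thresholds (`BASELINE_DAYS`, `FAILURE_WINDOW`); all three are assumptions. The sample log is constructed for the example.

```python
"""Flag successful logins that use valid credentials but come from source
networks a user has never used before, with extra weight when the source sits
in a hosting/cloud range or follows a burst of failures (credential stuffing).
Added example; the log schema, ranges and thresholds are assumptions."""
import ipaddress
import json
from collections import defaultdict
from datetime import datetime

# Constructed stand-in for a cloud/hosting range feed (RFC 5737 documentation
# prefixes, NOT real provider allocations).
CLOUD_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed sample authentication events (JSON lines).
SAMPLE_LOG = """\
{"ts":"2024-11-01T08:02:11Z","user":"alice","src":"10.20.30.41","result":"success"}
{"ts":"2024-11-01T08:05:42Z","user":"bob","src":"10.20.31.7","result":"success"}
{"ts":"2024-11-02T09:14:03Z","user":"alice","src":"10.20.30.58","result":"success"}
{"ts":"2024-11-05T03:17:20Z","user":"alice","src":"203.0.113.25","result":"failure"}
{"ts":"2024-11-05T03:17:26Z","user":"alice","src":"203.0.113.25","result":"failure"}
{"ts":"2024-11-05T03:17:31Z","user":"alice","src":"203.0.113.25","result":"success"}
{"ts":"2024-11-05T10:40:00Z","user":"bob","src":"10.20.31.9","result":"success"}
{"ts":"2024-11-06T22:51:12Z","user":"bob","src":"192.0.2.77","result":"success"}
"""

BASELINE_DAYS = 3     # successes in the first N days build each user's known /24s (assumed)
FAILURE_WINDOW = 300  # seconds; failures this close before a success are suspicious (assumed)


def parse_events(text):
    """Parse JSON lines into events with tz-aware timestamps and a /24 source network."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        e = json.loads(line)
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
        e["net"] = ipaddress.ip_network(f"{e['src']}/24", strict=False)
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def in_cloud_range(ip):
    """True if the address falls in one of the (constructed) cloud/hosting ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUD_RANGES)


def detect(text):
    """Return alerts for successful logins that deviate from the per-user baseline."""
    events = parse_events(text)
    if not events:
        return []
    start = events[0]["ts"]
    baseline = defaultdict(set)          # user -> /24 networks seen during the baseline period
    recent_failures = defaultdict(list)  # user -> timestamps of failures not yet followed by a success
    alerts = []
    for e in events:
        age_days = (e["ts"] - start).total_seconds() / 86400
        if e["result"] != "success":
            recent_failures[e["user"]].append(e["ts"])
            continue
        if age_days < BASELINE_DAYS:
            baseline[e["user"]].add(e["net"])  # learning phase: record, do not alert
            continue
        reasons = []
        if e["net"] not in baseline[e["user"]]:
            reasons.append("new_source_network")
        if in_cloud_range(e["src"]):
            reasons.append("cloud_hosted_source")
        fails = [t for t in recent_failures[e["user"]]
                 if (e["ts"] - t).total_seconds() <= FAILURE_WINDOW]
        if fails:
            reasons.append(f"success_after_{len(fails)}_failures")
        recent_failures[e["user"]].clear()
        if reasons:
            alerts.append({"ts": e["ts"].isoformat(), "user": e["user"],
                           "src": e["src"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```

Two things a practitioner should keep in mind: the baseline is only as clean as the period it was learned from, so a login from attacker-controlled infrastructure during the learning window becomes "known" and is never flagged; and a match on a cloud range alone is weak signal, since many legitimate users and services also originate there, which is exactly the blending-in the summary describes. The value comes from combining the signals (new network, hosted source, success after failures) rather than alerting on any one of them.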

// 02Key metrics

// ttps
1
ATT&CK techniques
// iocs
27
indicators
// actors
1
threat groups
// kwords
10
keywords

// 03MITRE ATT&CK

// 04Threat actors

// 05Indicators of compromise

// ips0

none

// domains3

  • publiccloud.com.br
  • kratosdefense.com
  • securityintelligence.com

// urls11

  • https://www
  • https://ibm.co/securing-generative-ai
  • https://attack
  • https://www.nsa.gov/
  • https://cybersixgill.com/news/articles/
  • https://www.volexity.com/blog/2024/05/15/
  • https://www.statista.com/statistics/1545783/
  • https://www.cloudsek.com/blog/
  • https://www.oligo.security/blog/
  • https://www.cyberdefensemagazine.com/
  • https://www.justice.gov/usao-cdca/pr/

// sha2560

none

// md50

none

// emails0

none

// cves10

  • CVE-2024-21762
  • CVE-2024-3400
  • CVE-2024-23113
  • CVE-2024-9680
  • CVE-2024-21887
  • CVE-2024-6387
  • CVE-2024-3094
  • CVE-2024-24919
  • CVE-2024-23897
  • CVE-2024-21413

// 06Geographic coverage

// 07YARA rule

// Failed to generate YARA rule

// 08Keywords

  • malware (42.2411)
  • data (39.7412)
  • threat (35.6512)
  • 2024 (34.3807)
  • ai (30.6705)
  • incidents (29.669)
  • attackers (27.7454)
  • ransomware (27.2159)
  • phishing (25.3639)
  • access (25.2923)

// 09Attack chain

// 10Technical mitigations
