Ep 11 - Salt Typhoon Exposed: Breaking Down CISA Advisory AA25-239

In this special episode of The Cyber Resilience Brief, hosts Tova Dvorin and Adrian Culley unpack the newly released CISA Advisory AA25-239, a joint warning from CISA, NSA, FBI, and international partners on the persistent Chinese state-sponsored threat group known as Salt Typhoon.

Salt Typhoon has been quietly infiltrating critical infrastructure worldwide using outdated routers, weak credentials, and “living off the land” techniques like PowerShell, WMI, and scheduled tasks—often remaining undetected for years. This episode explores:

• 
  

  Key TTPs & IOCs called out in the advisory, including router exploits, credential abuse, and stealthy exfiltration techniques.

  
  


• 
  

  Mitigation strategies every organization should implement now: patching, MFA enforcement, segmentation, and proactive monitoring.

  
  


• 
  

  How Breach and Attack Simulation (BAS), Adversarial Exposure Validation (AEV), and Continuous Automated Red Teaming (CART) can help organizations proactively defend against advanced, long-term adversaries.

  
  

Whether you’re a CISO, security practitioner, or resilience leader, this episode provides actionable intelligence to strengthen your defenses against one of today’s most persistent and dangerous cyber threats.