China-Linked Cyber Espionage Infrastructure Analysis, IOC Validation, DNS Hunting, Infrastructure Correlation and Threat Intelligence Investigation
Silent Push researchers identified dozens of previously unreported domains associated with the Chinese state-sponsored threat actors Salt Typhoon and UNC4841. Through WHOIS analysis, SOA record correlation, infrastructure pivoting, DNS intelligence, and domain registration pattern analysis, researchers uncovered 45 domains and multiple IP addresses believed to support long-term cyber espionage operations.
Earliest identified domain registrations linked to infrastructure.
Infrastructure expansion using fake personas, ProtonMail accounts and DNS hosting services.
UNC4841 activity observed exploiting Barracuda Email Security Gateway vulnerabilities.
Salt Typhoon compromises major telecommunications providers globally.
Silent Push correlates infrastructure and discovers previously unreported domains.
| Type | Indicator | Confidence |
|---|---|---|
| Domain | dateupdata.com | High |
| Domain | infraredsen.com | High |
| Domain | materialplies.com | High |
| Domain | pulseathermakf.com | High |
| Domain | cloudprocenter.com | High |
| Domain | followkoon.com | High |
| Domain | newhkdaily.com | High |
| Domain | clubworkmistake.com | High |
| Domain | gesturefavour.com | High |
| Domain | goldenunder.com | High |
| IP Address | Related Domain |
|---|---|
| 172.93.165.13 | asparticrooftop.com |
| 92.38.160.50 | cloudprocenter.com |
| 45.125.67.144 | infraredsen.com |
| 103.113.85.216 | followkoon.com |
| 193.239.86.168 | imap.dateupdata.com |
| 202.146.221.69 | newhkdaily.com |
| Tactic | Technique |
|---|---|
| Initial Access | T1190 Exploit Public Facing Application |
| Persistence | T1098 Account Manipulation |
| Command & Control | T1071 Application Layer Protocol |
| Credential Access | T1555 Credentials from Password Stores |
| Discovery | T1018 Remote System Discovery |
| Collection | T1119 Automated Collection |
| Exfiltration | T1041 Exfiltration Over C2 Channel |
This investigation demonstrates advanced threat intelligence methodologies including WHOIS analysis, SOA record pivoting, DNS intelligence, infrastructure correlation, and attribution assessment. The discovered infrastructure strongly indicates long-term cyber espionage operations conducted by China-linked threat actors. Organizations operating telecommunications, government, defense, and critical infrastructure networks should prioritize retrospective DNS analysis against the identified indicators.