01
Who
Salt Typhoon — a state-linked advanced persistent threat group, active since at least 2019.
Attributed to operators in the People's Republic of China.
▣
SiberAMAN
AI-Powered Security Orchestration, Automation & Response
A live demonstration of the CyberSOC platform in action.
Tap anywhere to start
Meet the adversary
Before we launch the attack, here's who's attacking.
02
What
Targets telecommunications, government, and edge-network devices — the routers, VPNs, and management systems that knit a country together.
Recent campaigns have hit major US carriers and dozens of countries simultaneously.
03
Why it matters
They hide in network management infrastructure for months, quietly collecting lawful-intercept data, credentials, and metadata.
Stealth and persistence — not smash-and-grab. A traditional SOC sees nothing until it's far too late.
The cast you'll see on the live screens
Three roles, working in concert.
OpenAEV
The Aggressor
Adversary emulation platform. Runs the simulated attack — the same TTPs a real adversary would use.
SiberAMAN AI SOAR
The AI Brain
AI Level 1 analyst triages alerts. Hands confirmed threats to a human Level 2 analyst. Drives the playbook.
Elastic Security
The Analyst's Eyes
Endpoint detection and SIEM. Where the human analyst sees the work and takes action.
SIMULATING A SALT TYPHOON CAMPAIGN AGAINST
Merdeka Telecom
A national telecommunications provider
Press once. Watch the three live screens next to this kiosk and the simulation below unfold together.
Incident · INC-2026-00471
PHASE 1 · RECONNAISSANCE
T+00:00
NETWORK · LIVE
awaiting action...
1 · Recon
2 · Initial Access
3 · Execution
4 · Priv Esc
5 · Lateral
6 · Collection
0alerts
0cases
0AI actions
SYSSiberAMAN online. Standing watch.
AI
SiberAMAN · L1 Analyst
Standing by
L2
Human · L2 Analyst
On call
Awaiting incident.
✓
Case closed
A Salt Typhoon campaign, detected, triaged, and contained.
SiberAMAN AI SOAR · powered by CyberSOC