GhostEmperor, also widely known as Salt Typhoon, is a state-sponsored cyber espionage group originating from China, assessed with high confidence to be operated by the Ministry of State Security (MSS). The group first emerged as early as 2019, primarily focused on long-term, stealthy intelligence collection. What distinguishes GhostEmperor is its capability to maintain covert access within targeted networks for months to years, often employing a sophisticated Windows kernel-mode rootkit called Demodex. While commonly referred to as Salt Typhoon by many security vendors, the group is also tracked under aliases such as FamousSparrow, OPERATOR PANDA, RedMike, UNC2286, and Earth Estries.