Microsoft is warning that Silk Typhoon, the hacker group with ties to China that recently breached US security, is now engaging in a campaign of supply-chain attacks. While the group has traditionally targeted sectors such as healthcare and non-governmental organizations, it has shifted its tactics to focus on common IT solutions like remote management tools and cloud applications in order to gain initial access.
According to Microsoft Threat Intelligence, Silk Typhoon was previously seen targeting cloud storage services in 2024 to steal keys that could be used to infiltrate customer networks. The group has also been known to breach state and local government organizations, as well as companies in the technology sector, in search of information related to US government policies and law enforcement documents.
Microsoft describes Silk Typhoon as a “well-resourced and technically efficient” group that can quickly organize exploits. By utilizing various web shells, the group is able to execute commands, maintain persistence, and exfiltrate data from its victims. Despite the group's sophisticated methods, Microsoft claims that its own security solutions can detect these threats and provide mitigation guidance.
In December, Silk Typhoon carried out a hack against the US Treasury Department, compromising more than 400 computers. This breach was facilitated through a stolen key that granted access to a vendor’s secure cloud-based service, allowing the group to bypass security measures and access specific workstations within the Treasury Department.
It is clear that Silk Typhoon poses a significant threat to organizations and government entities, with their ability to adapt their tactics and target critical infrastructure using sophisticated hacking techniques. As such, it is imperative for businesses and agencies to remain vigilant and implement robust cybersecurity measures to protect against such attacks.