Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps to steal business data


  • Chinese threat actor Silk Typhoon spotted targeting common IT apps
  • Microsoft's Threat Intelligence has identified new tactics from the group
  • Silk Typhoon was allegedly behind recent US Treasury hack

A new report from Microsoft’s Threat Intelligence has identified a shift by Chinese threat actor Silk Typhoon towards targeting “common IT solutions”, such as cloud applications and remote management tools, in order to gain access to victims’ systems.

The group has been observed attacking a wide range of sectors, including IT services and infrastructure, remote monitoring and management (RMM) companies, healthcare, legal services, defense, government agencies, and many more.

By exploiting zero-day vulnerabilities in edge devices and showcasing technical efficiency, the group has established itself as one of the Chinese threat actors with the “largest targeting footprints,” Microsoft says.

Successful operations

The report outlines a number of detected threats from Silk Typhoon, including the use of stolen API keys and credentials for privileged access management tools, cloud providers, and cloud management firms; these allowed the group to reach the downstream customer environments of the targeted companies.

“Silk Typhoon has shown proficiency in understanding how cloud environments are deployed and configured, allowing them to successfully move laterally, maintain persistence, and exfiltrate data quickly within victim environments,” the report said.

“Since Microsoft Threat Intelligence began tracking this threat actor in 2020, Silk Typhoon has used a myriad of web shells that allow them to execute commands, maintain persistence, and exfiltrate data from victim environments.”

Silk Typhoon is said to be the group behind the US Treasury hack, a ‘major incident’ in which third-party cybersecurity partner BeyondTrust, a remote access software provider, was compromised, allowing the attackers access to key systems.

China has always strenuously denied any ties to the group, or to any cyberattackers, and has called on the US to stop spreading “disinformation” about the state’s alleged ties to the threat actors.

Ellen Jennings-Trace
Staff Writer

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.
