CyberSecurityBoard
Sponsor Register Login

Silk Typhoon hackers now target IT supply chains to breach networks

Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. Microsoft reports that Silk Typhoon switched tactics around that period, abusing stolen API keys and compromised credentials for IT providers, identity management, privileged access management, and RMM solutions, which are then used to access downstream customer networks and data. Microsoft has listed updated indicators of compromise and detection rules that reflect Silk Typhoon's latest shift in tactics at the bottom of its report, and defenders are recommended to add the available information to their security tools to detect and block any attacks timely. Silk Typhoon is a Chinese state-sponsored espionage group known for hacking the U.S. Office of Foreign Assets Control (OFAC) office in early December 2024 and stealing data from the Committee on Foreign Investment in the United States (CFIUS). The threat actors no longer rely on malware and web shells, with Silk Typhoon now exploiting cloud apps to steal data and then clear logs, leaving only a minimal trace behind. According to Microsoft's observations, Silk Typhoon continues to exploit vulnerabilities alongside its new tactics, sometimes as zero days, for initial access. Microsoft says the threat actors have created a "CovertNetwork" consisting of compromised Cyberoam appliances, Zyxel routers, and QNAP devices, which are used to launch attacks and obfuscate malicious activities. Previously, the threat actors were primarily leveraging zero-day and n-day flaws in public-facing edge devices to gain initial access, plant web shells, and then move laterally via compromised VPNs and RDPs. Earlier, in 2024, Silk Typhoon exploited CVE-2024-3400, a command injection vulnerability in Palo Alto Networks GlobalProtect, and CVE-2023-3519, a remote code execution flaw in Citrix NetScaler ADC and NetScaler Gateway. Switching from organization-level breaches to MSP-level hacks allows the attackers to move within cloud environments, stealing Active Directory sync credentials (AADConnect), and abusing OAuth applications for a much stealthier attack.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 05 Mar 2025 18:20:17 +0000


Cyber News related to Silk Typhoon hackers now target IT supply chains to breach networks

Silk Typhoon hackers now target IT supply chains to breach networks - Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. Microsoft reports that ...
5 months ago Bleepingcomputer.com CVE-2024-3400
Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
1 year ago Feeds.dzone.com
CISA: Volt Typhoon had access to some U.S. targets for 5 years - U.S. government agencies issued another warning about the significant threat posed by a Chinese nation-state threat group to critical infrastructures, revealing attackers might have been lurking in victims' IT environments for several years. Last ...
1 year ago Techtarget.com CVE-2023-27997 Volt Typhoon
The FBI's Brett Leatherman gives the latest ‘Typhoon’ forecast | The Record from Recorded Future News - We're fully engaged with the victims still, in order to ensure that there's containment, that there remains containment in the environment, and that, as the victims continue to do their work with CISA, their third-party remediation ...
4 months ago Therecord.media Volt Typhoon
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
1 year ago Darkreading.com Volt Typhoon
Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage - ANSA reports that Xu is accused of being linked to the Chinese state-sponsored Silk Typhoon hacking group, aka Hafnium, which has been responsible for a wide range of cyberespionage attacks against the U.S. and other countries. A Chinese ...
1 month ago Bleepingcomputer.com HAFNIUM
Chinese hackers use custom malware to spy on US telecom networks - A primary component of the Salt Typhoon attacks was monitoring network activity and stealing data using packet-capturing tools like Tcpdump, Tpacap, Embedded Packet Capture, and a custom tool called JumbledPath. JumbledPath allowed Salt Typhoon ...
6 months ago Bleepingcomputer.com
FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches - In January, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions against Sichuan Juxinhe Network Technology, a Chinese cybersecurity firm believed to be directly involved in the Salt Typhoon telecom ...
4 months ago Bleepingcomputer.com
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Chinese state-sponsored hackers are targeting old vulnerabilities in Cisco routers in new attacks apparently aimed at government entities in the US, UK, and Australia, cybersecurity firm SecurityScorecard reports. As part of the observed attacks, the ...
1 year ago Securityweek.com CVE-2019-1653 CVE-2019-1652 Volt Typhoon
China-Sponsored Hackers Lie in Wait to Attack US Infrastructure - In a stark warning this week, the Cybersecurity and Infrastructure Security Agency, FBI, and National Security Agency said that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in such sectors as ...
1 year ago Securityboulevard.com BlackTech Volt Typhoon
Chinese hackers breached National Guard to steal network configurations - The Chinese state-sponsored hacking group known as Salt Typhoon breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials that could be used to ...
1 month ago Bleepingcomputer.com
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
2 years ago Csoonline.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
1 year ago Securityzap.com
SCS 9001 2.0 reveals enhanced controls for global supply chains - In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks. ...
1 year ago Helpnetsecurity.com
Microsoft Warns of Silk Typhoon Hackers Attacking IT Supply Chain - Microsoft Threat Intelligence has identified a significant shift in tactics by Silk Typhoon, a Chinese state-sponsored espionage group that has begun targeting common IT solutions including remote management tools and cloud applications to gain ...
5 months ago Cybersecuritynews.com CVE-2025-0282
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
1 year ago Bleepingcomputer.com Volt Typhoon
Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
1 year ago Darkreading.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
1 year ago Securityboulevard.com
Chinese hackers hid in US infrastructure network for 5 years - The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and ...
1 year ago Bleepingcomputer.com Volt Typhoon
North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
1 year ago Bleepingcomputer.com CVE-2023-42793 Andariel
Chinese Silk Typhoon Hackers Filed 10+ Patents for Highly Intrusive Hacking Tools - Patents for “specially designed computer hard drive decryption software” and “remote cellphone evidence collection software” indicate sophisticated mobile device compromise capabilities that have not been publicly attributed ...
1 month ago Cybersecuritynews.com
Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity - The portion of China's Volt Typhoon advanced persistent threat that focuses on infiltrating operational technology networks in critical infrastructure has already performed reconnaissance and enumeration of multiple US-based electric companies, while ...
1 year ago Darkreading.com Volt Typhoon
Checkmarx Report Surfaces Software Supply Chain Compromises - Checkmarx published an inaugural monthly report this week that finds 56% of the attacks against software supply chains that it analyzed resulted in the theft of credentials and confidential data. More than a quarter of attacks employed some form of ...
1 year ago Securityboulevard.com
Silk Typhoon hackers hijack network captive portals in diplomat attacks - Silk Typhoon, a notorious Chinese state-sponsored hacking group, has been identified hijacking network captive portals to target diplomats and government officials. This sophisticated cyber espionage campaign involves manipulating captive ...
1 week ago Bleepingcomputer.com Silk Typhoon
Major Retail Chains Suffer Data Breaches Amid Rising Cyber Threats to Consumer Trust - These incidents, occurring amid a 52% year-over-year rise in retail cyber vulnerabilities according to a 2025 survey, highlight the escalating risks facing an industry that processes billions of sensitive customer transactions annually. At M&S, ...
3 months ago Cybersecuritynews.com Hunters Scattered Spider

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)