CyberSecurityBoard
Sponsor Register Login

Silk Typhoon hackers now target IT supply chains to breach networks

Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. Microsoft reports that Silk Typhoon switched tactics around that period, abusing stolen API keys and compromised credentials for IT providers, identity management, privileged access management, and RMM solutions, which are then used to access downstream customer networks and data. Microsoft has listed updated indicators of compromise and detection rules that reflect Silk Typhoon's latest shift in tactics at the bottom of its report, and defenders are recommended to add the available information to their security tools to detect and block any attacks timely. Silk Typhoon is a Chinese state-sponsored espionage group known for hacking the U.S. Office of Foreign Assets Control (OFAC) office in early December 2024 and stealing data from the Committee on Foreign Investment in the United States (CFIUS). The threat actors no longer rely on malware and web shells, with Silk Typhoon now exploiting cloud apps to steal data and then clear logs, leaving only a minimal trace behind. According to Microsoft's observations, Silk Typhoon continues to exploit vulnerabilities alongside its new tactics, sometimes as zero days, for initial access. Microsoft says the threat actors have created a "CovertNetwork" consisting of compromised Cyberoam appliances, Zyxel routers, and QNAP devices, which are used to launch attacks and obfuscate malicious activities. Previously, the threat actors were primarily leveraging zero-day and n-day flaws in public-facing edge devices to gain initial access, plant web shells, and then move laterally via compromised VPNs and RDPs. Earlier, in 2024, Silk Typhoon exploited CVE-2024-3400, a command injection vulnerability in Palo Alto Networks GlobalProtect, and CVE-2023-3519, a remote code execution flaw in Citrix NetScaler ADC and NetScaler Gateway. Switching from organization-level breaches to MSP-level hacks allows the attackers to move within cloud environments, stealing Active Directory sync credentials (AADConnect), and abusing OAuth applications for a much stealthier attack.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 05 Mar 2025 18:20:17 +0000


Cyber News related to Silk Typhoon hackers now target IT supply chains to breach networks

Silk Typhoon hackers now target IT supply chains to breach networks - Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. Microsoft reports that ...
9 hours ago Bleepingcomputer.com CVE-2024-3400
Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
1 year ago Feeds.dzone.com
CISA: Volt Typhoon had access to some U.S. targets for 5 years - U.S. government agencies issued another warning about the significant threat posed by a Chinese nation-state threat group to critical infrastructures, revealing attackers might have been lurking in victims' IT environments for several years. Last ...
1 year ago Techtarget.com CVE-2023-27997 Volt Typhoon
Volt Typhoon Ramps Up Malicious Activity Against Critical Infrastructure - China-backed cyber espionage group Volt Typhoon is systematically targeting legacy Cisco devices in a sophisticated and stealthy campaign to grow its attack infrastructure. In many instances, the threat actor, known for targeting critical ...
1 year ago Darkreading.com Volt Typhoon
Chinese hackers use custom malware to spy on US telecom networks - A primary component of the Salt Typhoon attacks was monitoring network activity and stealing data using packet-capturing tools like Tcpdump, Tpacap, Embedded Packet Capture, and a custom tool called JumbledPath. JumbledPath allowed Salt Typhoon ...
1 week ago Bleepingcomputer.com
China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments - Chinese state-sponsored hackers are targeting old vulnerabilities in Cisco routers in new attacks apparently aimed at government entities in the US, UK, and Australia, cybersecurity firm SecurityScorecard reports. As part of the observed attacks, the ...
1 year ago Securityweek.com CVE-2019-1653 CVE-2019-1652 Volt Typhoon
China-Sponsored Hackers Lie in Wait to Attack US Infrastructure - In a stark warning this week, the Cybersecurity and Infrastructure Security Agency, FBI, and National Security Agency said that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations in such sectors as ...
1 year ago Securityboulevard.com BlackTech Volt Typhoon
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
2 years ago Csoonline.com
Microsoft Warns of Silk Typhoon Hackers Attacking IT Supply Chain - Microsoft Threat Intelligence has identified a significant shift in tactics by Silk Typhoon, a Chinese state-sponsored espionage group that has begun targeting common IT solutions including remote management tools and cloud applications to gain ...
11 hours ago Cybersecuritynews.com CVE-2025-0282
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
1 year ago Securityzap.com
Stealthy KV-botnet hijacks SOHO routers and VPN devices - The Chinese state-sponsored APT hacking group known as Volt Typhoon has been linked to a sophisticated botnet named 'KV-botnet' since at least 2022 to attack SOHO routers in high-value targets. Volt Typhoon commonly targets routers, firewalls, and ...
1 year ago Bleepingcomputer.com Volt Typhoon
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
1 year ago Securityboulevard.com
SCS 9001 2.0 reveals enhanced controls for global supply chains - In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks. ...
1 year ago Helpnetsecurity.com
Palo Alto Networks and IBM to Jointly Provide AI-Powered Security Offerings - PRESS RELEASE. SANTA CLARA, Calif. and ARMONK, N.Y., May 15, 2024 /PRNewswire/ - Palo Alto Networks, the global cybersecurity leader, and IBM, a leading provider of hybrid cloud and AI, today announced a broad-reaching partnership to deliver ...
9 months ago Darkreading.com
Chinese hackers hid in US infrastructure network for 5 years - The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and ...
1 year ago Bleepingcomputer.com Volt Typhoon
North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
1 year ago Bleepingcomputer.com CVE-2023-42793 Andariel
Volt Typhoon Hits Multiple Electric Utilities, Expands Cyber Activity - The portion of China's Volt Typhoon advanced persistent threat that focuses on infiltrating operational technology networks in critical infrastructure has already performed reconnaissance and enumeration of multiple US-based electric companies, while ...
1 year ago Darkreading.com Volt Typhoon
Checkmarx Report Surfaces Software Supply Chain Compromises - Checkmarx published an inaugural monthly report this week that finds 56% of the attacks against software supply chains that it analyzed resulted in the theft of credentials and confidential data. More than a quarter of attacks employed some form of ...
1 year ago Securityboulevard.com
Chinese Threat Actors Concealed in US Infrastructure Networks - According to a joint alert from CISA, the NSA, the FBI, and partner Five Eyes organizations, the Chinese cyberespionage group Volt Typhoon entered a critical infrastructure network in the United States and remained undiscovered for at least five ...
1 year ago Heimdalsecurity.com Volt Typhoon
Ledger Supply Chain Breach: $600,000 Theft Unveiled - Recent events have brought to light the Ledger supply chain breach, a cybercrime incident that led to the theft of $600,000 in virtual assets. For those who don't know, Ledger is a company that develops hardware and software-based cryptocurrency ...
1 year ago Securityboulevard.com
Chinese hackers breach more US telecoms via unpatched Cisco routers - Iniskt Group advises network admins operating Internet-exposed Cisco IOS XE network devices to apply available security patches as soon as possible and avoid exposing administration interfaces or non-essential services directly to the Internet. These ...
2 weeks ago Bleepingcomputer.com CVE-2023-20198 CVE-2023-20273
The NSA Seems Pretty Stressed About the Threat of Chinese Hackers in US Critical Infrastructure - The United States National Security Agency is often tight-lipped about its work and intelligence. At the Cyberwarcon security conference in Washington DC on Thursday, two members of the agency's Cybersecurity Collaboration Center had a "Call to ...
1 year ago Wired.com Volt Typhoon
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
1 year ago Cysecurity.news Volt Typhoon
Assessing and mitigating cybersecurity risks lurking in your supply chain - Most involve the supply of software and digital services, or at least are reliant in some way on online interactions. SMBs in particular may not proactively be looking, or have the resources, to manage security in their supply chains. Blindly ...
1 year ago Welivesecurity.com
Feds Confirm Remote Killing of Volt Typhoon's SOHO Botnet - US law enforcement has disrupted the infrastructure of the notorious China-sponsored cyberattack group known as Volt Typhoon. The state-backed group uses it as a launchpad for other attacks, particularly on US critical infrastructure, because the ...
1 year ago Darkreading.com Volt Typhoon

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)