Silk Typhoon, the China-linked hacker group that breached US security last month, is waging a campaign of supply-chain attacks, Microsoft warns. While it primarily targets sectors such as healthcare and non-governmental organisations (NGOs), Microsoft Threat Intelligence has spotted a shift in its tactics. It is now targeting common IT solutions such as remote management tools and cloud applications in order to gain initial access.
The group was observed targeting cloud storage services back in 2024, in order to steal keys that could be used to infiltrate customer networks. Breaching state and local government organisations and companies in the technology sector, the group sought information on US government policies and documents related to law enforcement issues.

Microsoft refers to Silk Typhoon as a “well-resourced and technically efficient” group that can organise exploits swiftly. Using different web shells, the group is able to execute commands, maintain persistence, and exfiltrate data from its victims. Despite this, Microsoft claims its security solutions are able to detect these threats and offer mitigation guidance.
Back in December, Silk Typhoon staged a hack against the US Treasury Department, involving more than 400 computers. This was done through a stolen key that enabled access to a vendor’s “secure cloud-based service”, overriding the service’s security and accessing certain workstations in the Treasury Department.
(Source: Microsoft [1] [2], Cyber Daily)