• MS says Silk Typhoon targ

    From Mike Powell@1:2320/105 to All on Thu Mar 6 09:04:00 2025
    Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps
    to steal business data

    Date:
    Thu, 06 Mar 2025 11:31:00 +0000

    Description:
    Common IT solutions are the new target for infamous Silk Typhoon threat
    actor, Microsoft warns.

    FULL STORY ======================================================================
    - Chinese threat actor Silk Typhoon spotted targeting common IT apps
    - Microsoft's Threat Intelligence has identified new tactics from the group
    - Silk Typhoon was allegedly behind recent US Treasury hack

    A new report from Microsoft's Threat Intelligence has identified a move from Chinese threat actor Silk Typhoon towards targeting common IT solutions such
    as cloud applications and remote management tools in order to gain access to victims' systems.

    The group has been observed attacking a wide range of sectors, including IT services and infrastructure, remote monitoring and management (RMM)
    companies, healthcare, legal services, defense, government agencies, and many more.

    By exploiting zero-day vulnerabilities in edge devices and showcasing
    technical efficiency, the group has established itself as one of the Chinese threat actors with the largest targeting footprints, Microsoft says.

    Successful operations

    The report outlines a number of detected threats from Silk Typhoon, including using stolen API keys and credentials used for privilege access management, cloud providers, and cloud management firms - these allowed the group to
    access the downstream customer environments of the targeted company.

    Silk Typhoon has shown proficiency in understanding how cloud environments
    are deployed and configured, allowing them to successfully move laterally, maintain persistence, and exfiltrate data quickly within victim environments, the report said.

    Since Microsoft Threat Intelligence began tracking this threat actor in 2020, Silk Typhoon has used a myriad of web shells that allow them to execute commands, maintain persistence, and exfiltrate data from victim environments.

    Silk Typhoon is said to be the group behind the US Treasury hack, a major incident in which third-party cybersecurity partner BeyondTrust, a remote access software provider, was compromised, allowing the attackers access to
    key systems.

    China has always strenuously denied any ties to the group, or to any cyberattackers, and has called on the US to stop spreading disinformation
    about the state's alleged ties to the threat actors.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-says-chinese-silk-typhoon-hackers-are-targeting-cloud-and-it-apps-to-steal-business-data

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)