China's Silk Typhoon blamed for ongoing IT, govt break-ins
Briefly

Silk Typhoon, believed to have ties to the Chinese government, has been conducting cyberattacks using stolen API keys and cloud credentials since late 2024. Their activities have escalated following December intrusions into the US Treasury, where they accessed sensitive information from key departments. Microsoft Threat Intelligence reported that Silk Typhoon has broadened its focus, targeting both IT companies and local government agencies. This shift in strategy reflects the group's interest in data relevant to US policies and law enforcement, and marks a change from their previous actions linked to major cyber incidents such as the Hafnium and Microsoft Exchange breaches.
"Silk Typhoon, associated with the Chinese government, has been exploiting stolen API keys and cloud credentials since late 2024, targeting IT and government sectors."
"The group's tactics have evolved to focus on remote management tools and APIs, indicating an ongoing strategy to adapt and penetrate secure environments."
Read at The Register