China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

Summary: The Silk Typhoon hacking group has adapted its tactics to exploit the IT supply chain, targeting remote management tools and cloud applications to gain access to corporate networks. Microsoft Threat Intelligence highlighted the group's use of stolen API keys for reconnaissance and data collection, indicating a shift toward more sophisticated exploitation techniques. The group leverages zero-day vulnerabilities and cloud infrastructure, and poses a significant risk across various sectors worldwide.

Affected: Microsoft Exchange servers, IT services, and organizations globally

Key points:

  • Silk Typhoon is now targeting IT solutions and cloud applications to infiltrate corporate networks.
  • Exploits for zero-day vulnerabilities, including those in Ivanti Pulse Connect VPN and Palo Alto Networks firewalls, are being used.
  • The group employs web shells for command execution and maintains access through compromised appliances, reflecting state-sponsored sophistication.

Source: https://thehackernews.com/2025/03/china-linked-silk-typhoon-expands-cyber.html