Summary: The Chinese threat actor group “Silk Typhoon” has been implicated in a December 2024 cyberattack on a US Treasury agency, utilizing a stolen API key to access sensitive data. This group, also known as Hafnium, is notorious for its cyber-espionage activities targeting various sectors, including government and healthcare.
Threat Actor: Silk Typhoon
Victim: US Department of the Treasury
Key Points:
- Silk Typhoon used a stolen API key for BeyondTrust's Remote Support SaaS to breach the Office of Foreign Assets Control (OFAC).
- The group is known for its focus on data theft and has previously targeted education, healthcare, and defense sectors.
- The Cybersecurity and Infrastructure Security Agency (CISA) confirmed that the breach is limited to the affected agency, with no other federal agencies impacted.