Microsoft Corp. has issued a warning about a highly advanced Chinese hacking group, dubbed Silk Typhoon, which is conducting a campaign of supply-chain attacks aimed at espionage against a wide range of organizations in the US and abroad, Bloomberg reports.
In a blog post published Wednesday, Microsoft’s threat intelligence division stated that Silk Typhoon is targeting remote management tools and cloud applications to gain unauthorized access to sensitive information.
According to Microsoft, the group was observed in late 2024 targeting cloud storage services, stealing encryption keys that could then be used to access customer data. The group has successfully breached state and local government organizations, as well as companies in the technology sector, seeking information on US government policy and documents related to law enforcement investigations.
Silk Typhoon was identified as the perpetrator behind the December hack targeting the US Treasury Department, which compromised over 400 computers. Microsoft describes the group as “well-resourced and technically efficient” and possessing “one of the largest targeting footprints” among China-based cyberespionage actors.
The group’s activities are focused on espionage across a broad range of sectors, including health care, legal services, higher education, defense, energy, and government. Microsoft warns that organizations operating in these sectors should be particularly vigilant.
Notably, Silk Typhoon is a separate entity from another Chinese hacking group known as Salt Typhoon, which was accused last year of breaching multiple US telecommunications companies.
