Microsoft warns: Chinese hackers from Silk Typhoon strike again, this time targeting cloud infrastructures

Microsoft warns that Chinese hacking group Silk Typhoon is now targeting cloud infrastructures, using stolen credentials and zero-day exploits to breach sensitive networks worldwide.

Agencias

  • March 6, 2025
  • Updated: March 6, 2025 at 1:09 PM

A new report from Microsoft Threat Intelligence reveals that the Chinese-backed hacking group Silk Typhoon has escalated its attacks, now shifting its focus towards cloud infrastructures and remote management tools. The group, active since at least 2020, has been linked to multiple cyberattacks, including the recent breach of the U.S. Treasury Department.

A growing cybersecurity threat

According to Microsoft, Silk Typhoon is targeting common IT applications, such as cloud solutions and remote management software, to gain access to sensitive systems. The group has been observed infiltrating sectors including government agencies, healthcare, legal services, and defense, among others. By exploiting zero-day vulnerabilities in edge devices, they have demonstrated technical efficiency and adaptability, making them one of the most persistent cyber threats today.

Exploiting vulnerabilities and stealing credentials

The hackers are using stolen API keys and privileged access credentials to infiltrate cloud providers and management firms, enabling them to breach downstream customer environments. Microsoft notes that Silk Typhoon has developed a deep understanding of cloud deployments, allowing them to move laterally within networks, maintain persistence, and exfiltrate data quickly.

The group also relies on web shells to execute commands, ensuring they can remain undetected within victim environments for extended periods. Since tracking began in 2020, Microsoft has recorded numerous cases where Silk Typhoon successfully maintained long-term access to compromised systems, increasing the risks for affected organizations.

Security analysts believe that Silk Typhoon was responsible for the recent U.S. Treasury hack, a major cybersecurity breach linked to the compromise of BeyondTrust, a remote access software provider. This attack underscores the group’s ability to exploit third-party cybersecurity partners, bypassing traditional defenses and gaining access to critical systems.
