The Silk Typhoon hacking group, previously known as Hafnium, has shifted its approach from targeting Microsoft Exchange servers directly to infiltrating the IT supply chain. According to Microsoft Threat Intelligence, the group now exploits remote management tools and cloud applications to gain access to corporate networks. Once inside, it uses stolen credentials to abuse various deployed applications for espionage, behaviour that indicates a well-resourced and technically adept actor. Its targets include IT services, healthcare, and government organizations across the globe, and it employs web shells for command execution and data exfiltration.
After successfully compromising a victim, Silk Typhoon uses the stolen keys and credentials to infiltrate that victim's customer networks, where it can then abuse a variety of deployed applications.
The adversarial collective is assessed to be well-resourced and technically efficient, quickly weaponizing exploits for zero-day vulnerabilities in edge devices in opportunistic attacks.