
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 643 of 2,445   
   Mike Powell to All   
   MS says Silk Typhoon targ   
   06 Mar 25 09:04:00   
   
   TZUTC: -0500   
   MSGID: 357.consprcy@1:2320/105 2c2ee492   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps    
   to steal business data   
      
   Date:   
   Thu, 06 Mar 2025 11:31:00 +0000   
      
   Description:   
   Common IT solutions are the new target for infamous Silk Typhoon threat    
   actor, Microsoft warns.   
      
   FULL STORY   
   ======================================================================   
    - Chinese threat actor Silk Typhoon spotted targeting common IT apps   
    - Microsoft's Threat Intelligence has identified new tactics from the group   
    - Silk Typhoon was allegedly behind recent US Treasury hack   
      
   A new report from Microsoft's Threat Intelligence has identified a move from
   Chinese threat actor Silk Typhoon towards targeting common IT solutions such
   as cloud applications and remote management tools in order to gain access to
   victims' systems.
      
   The group has been observed attacking a wide range of sectors, including IT   
   services and infrastructure, remote monitoring and management (RMM)    
   companies, healthcare, legal services, defense, government agencies, and many   
   more.    
      
   By exploiting zero-day vulnerabilities in edge devices and showcasing   
   technical efficiency, the group has established itself as one of the Chinese   
   threat actors with the largest targeting footprints, Microsoft says.   
      
   Successful operations    
      
   The report outlines a number of detected threats from Silk Typhoon, including   
   using stolen API keys and credentials used for privilege access management,   
   cloud providers, and cloud management firms - these allowed the group to   
   access the downstream customer environments of the targeted company.    
      
   Silk Typhoon has shown proficiency in understanding how cloud environments    
   are deployed and configured, allowing them to successfully move laterally,   
   maintain persistence, and exfiltrate data quickly within victim environments,   
   the report said.    
      
   Since Microsoft Threat Intelligence began tracking this threat actor in 2020,   
   Silk Typhoon has used a myriad of web shells that allow them to execute   
   commands, maintain persistence, and exfiltrate data from victim environments.    
      
   Silk Typhoon is said to be the group behind the US Treasury hack, a major
   incident in which third-party cybersecurity partner BeyondTrust, a remote
   access software provider, was compromised, allowing the attackers access to
   key systems.
      
   China has always strenuously denied any ties to the group, or to any
   cyberattackers, and has called on the US to stop spreading disinformation
   about the state's alleged ties to the threat actors.
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/microsoft-says-chinese-silk-typhoon-hackers-are-targeting-cloud-and-it-apps-to-steal-business-data
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca