Microsoft discloses latest threat activities of Chinese hacker organization.

Microsoft’s Threat Intelligence Department revealed in its latest blog that a Chinese state-level hacker organization named “Silk Typhoon” is using advanced technology to launch attacks on different industries and critical infrastructure globally, specifically targeting zero-day vulnerabilities in cloud environments and edge devices.

According to a blog released by Microsoft’s Threat Intelligence Department on Wednesday, “Silk Typhoon” is a Chinese state-level hacker organization with espionage activities at its core, possessing ample resources and high technical capabilities.

This organization excels at quickly turning newly discovered zero-day vulnerabilities into attack tools, targeting a range of sectors including information technology (IT), healthcare, legal services, higher education, defense, government, non-governmental organizations (NGOs), and energy, with victims spread across the United States and worldwide.

Zero-day vulnerabilities refer to security flaws in software that are unknown to the vendor or for which there is currently no effective patch available.

Since 2020, when Microsoft began tracking this hacker organization, “Silk Typhoon” has deployed various web shells, which are malicious scripts implanted on victims’ web servers or systems and which allow attackers to remotely control those systems.
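Because a web shell is simply a file that appears on the web server, one of the most reliable ways to surface one is to compare the deployed web root against a known-good manifest of file hashes. The following is an added example, not code from the article or from Microsoft; the directory layout and file names are constructed for the demonstration, and the `SCRIPT_SUFFIXES` set is an assumed list of server-side script extensions worth flagging first.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed set of server-side script extensions: a new or modified file with one
# of these suffixes in a web root deserves immediate attention.
SCRIPT_SUFFIXES = {".php", ".aspx", ".asp", ".jsp", ".ashx"}


def _sha256(path: Path) -> str:
    """Content hash of a file, read in chunks so large assets are fine."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: str) -> dict[str, str]:
    """Map each file's POSIX-style path relative to root to its SHA-256."""
    root_path = Path(root)
    return {
        p.relative_to(root_path).as_posix(): _sha256(p)
        for p in sorted(root_path.rglob("*"))
        if p.is_file()
    }


def diff_manifest(root: str, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current tree against a baseline manifest.

    Returns added, modified and removed relative paths, plus 'suspect': the
    added or modified entries whose extension is a server-side script type.
    """
    current = build_manifest(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in current if p in baseline and current[p] != baseline[p]
    )
    suspect = sorted(
        p for p in added + modified if Path(p).suffix.lower() in SCRIPT_SUFFIXES
    )
    return {"added": added, "modified": modified, "removed": removed, "suspect": suspect}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: take a baseline at deployment, then re-check later."""
    with tempfile.TemporaryDirectory() as root:
        base = Path(root)
        (base / "index.php").write_text("<?php echo 'hello'; ?>")
        (base / "css").mkdir()
        (base / "css" / "site.css").write_text("body{}")
        baseline = build_manifest(root)

        # Simulated later state: one unexpected script file appears in an
        # upload directory and one stylesheet changes. The script content is a
        # harmless placeholder; only its unexpected presence matters here.
        (base / "uploads").mkdir()
        (base / "uploads" / "img.php").write_text("<?php /* constructed placeholder */ ?>")
        (base / "css" / "site.css").write_text("body{margin:0}")
        return diff_manifest(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest is produced from the deployment artifact (or a signed package list) rather than from the live server, and the check is scheduled so that a new script under a writable directory such as an upload folder is reported within minutes rather than discovered during incident response.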

Microsoft also disclosed that since the end of 2024, this hacker organization has been targeting third-party service providers, software vendors, or partners relied upon by attack targets to broaden the scope of its malicious activities.

In January of this year, “Silk Typhoon” exploited a zero-day vulnerability in Ivanti Pulse Connect VPN. Microsoft quickly notified Ivanti of the activity, which led to a rapid patch for the vulnerability and significantly reduced the window of time available to the hackers.

Furthermore, “Silk Typhoon” has been found to exploit zero-day vulnerabilities in Palo Alto Networks firewalls and Citrix NetScaler devices to attack multiple organizations.

Microsoft emphasizes that it has directly notified affected customers and has called for global vigilance against the activities of Chinese hacker organizations in order to counter them. As cybersecurity challenges continue to intensify, cooperation between the U.S. government and technology companies will be key to addressing such threats.