Microsoft Warns of Silk Typhoon Hackers Attacking IT Supply Chain

Stayalive
Posts: 42
Joined: Wed Feb 26, 2025 4:00 am
Answers: 0
In January 2025, Silk Typhoon was observed exploiting a zero-day vulnerability (CVE-2025-0282) in Ivanti Pulse Connect VPN. Microsoft promptly reported this activity to Ivanti, leading to rapid resolution of the critical exploit.

This action significantly reduced the window during which sophisticated threat actors could leverage the vulnerability.

Once the hackers are inside a victim network, Silk Typhoon employs sophisticated techniques to move laterally from on-premises environments to cloud infrastructure.

They typically dump Active Directory, steal passwords from key vaults, and escalate privileges. The group has specifically targeted Microsoft Entra Connect servers (formerly AADConnect) to gain access to both on-premises and cloud environments simultaneously.

The hackers have been observed manipulating service principals and OAuth applications with administrative permissions to perform email, OneDrive, and SharePoint data exfiltration via Microsoft Graph API.

In some cases, they gain access to existing applications that already have consent within the tenant, add their own passwords to these applications, and use this access to steal email information.

They carefully name created applications to blend into the environment by mimicking legitimate services or Office 365 themes.

Microsoft recommends organizations patch all public-facing devices immediately, validate that Ivanti Pulse Connect VPNs are updated to address CVE-2025-0282, audit privilege levels of all identities, monitor service principal sign-ins from unusual locations, and implement strong credential hygiene practices including multi-factor authentication.
Source: https://cybersecuritynews.com/microsoft ... n-hackers/

#1
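As an added example (not from the article or either poster), a small Python script that applies two of the recommendations above to log data: it flags credentials being added to existing applications or service principals, flags service principal sign-ins from countries outside a known baseline, and correlates the two, since the post describes exactly that chain (add a password to a consented app, then use it against Graph). The records are constructed, and the operation names and field layout are assumptions about how an Entra ID audit/sign-in export looks.

```python
import json
from datetime import datetime, timedelta

# Constructed sample Entra ID records (not real telemetry). The operation
# names and field layout are assumptions about how the log export looks.
AUDIT_LOGS = json.loads("""[
 {"activityDateTime": "2025-02-20T09:12:00Z", "activityDisplayName": "Update application - Certificates and secrets management",
  "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}}, "targetResources": [{"displayName": "HR Sync Connector"}]},
 {"activityDateTime": "2025-02-21T02:40:00Z", "activityDisplayName": "Add service principal credentials",
  "initiatedBy": {"user": {"userPrincipalName": "svc-backup@contoso.example"}}, "targetResources": [{"displayName": "Office 365 Mail Sync"}]},
 {"activityDateTime": "2025-02-21T08:00:00Z", "activityDisplayName": "Update user",
  "initiatedBy": {"user": {"userPrincipalName": "admin@contoso.example"}}, "targetResources": [{"displayName": "Jane Doe"}]}
]""")
SP_SIGNINS = json.loads("""[
 {"createdDateTime": "2025-02-21T02:45:00Z", "servicePrincipalName": "Office 365 Mail Sync", "ipAddress": "203.0.113.7", "location": {"countryOrRegion": "XX"}},
 {"createdDateTime": "2025-02-21T03:10:00Z", "servicePrincipalName": "HR Sync Connector", "ipAddress": "198.51.100.4", "location": {"countryOrRegion": "US"}}
]""")
# Audit operations that add a password or certificate to an app / service principal.
CREDENTIAL_OPS = {"Update application - Certificates and secrets management",
                  "Add service principal credentials"}

def _ts(s):
    # Parse the "...Z" timestamps the export uses into aware datetimes.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def credential_additions(entries):
    """(time, target app/SP, initiator) for every credential added in the audit log."""
    return [(_ts(e["activityDateTime"]), e["targetResources"][0]["displayName"],
             e.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "?"))
            for e in entries if e.get("activityDisplayName") in CREDENTIAL_OPS]

def unusual_sp_signins(signins, baseline_countries):
    """Service principal sign-ins from outside the countries the tenant normally sees."""
    return [(_ts(s["createdDateTime"]), s["servicePrincipalName"], s["ipAddress"])
            for s in signins if s["location"]["countryOrRegion"] not in baseline_countries]

def correlate(entries, signins, baseline_countries, window_hours=24):
    """Apps that received a new credential and then signed in from an unusual place soon after."""
    window = timedelta(hours=window_hours)
    suspicious = []
    for cred_time, target, initiator in credential_additions(entries):
        for sign_time, sp, ip in unusual_sp_signins(signins, baseline_countries):
            if sp == target and cred_time <= sign_time <= cred_time + window:
                suspicious.append((target, initiator, ip))
    return suspicious

if __name__ == "__main__":
    for hit in correlate(AUDIT_LOGS, SP_SIGNINS, {"US"}):
        print("credential added, then sign-in from unusual location:", hit)
```

A real deployment would pull these records from the Graph `auditLogs` endpoints or a SIEM export rather than inline JSON, and the baseline country set should come from the tenant's own sign-in history.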

Netsurfer
Posts: 39
Joined: Wed Feb 26, 2025 3:46 am
Answers: 0
Microsoft has identified the hacker group "Silk Typhoon" as a China-based, state-sponsored threat actor. The group is known for conducting sophisticated cyber espionage campaigns, targeting critical sectors such as government, telecommunications, and high-tech industries. Microsoft has linked Silk Typhoon to espionage activities that leverage vulnerabilities in widely-used software, particularly Microsoft Exchange Server, in order to gain unauthorized access to sensitive information. They have been involved in complex, stealthy operations aimed at gathering intelligence.

Microsoft's threat intelligence services continuously monitor and provide updates on Silk Typhoon's activities, warning organizations about potential risks and how to mitigate them, especially through patching vulnerabilities and securing networks. The group uses advanced techniques like phishing, malware, and supply chain attacks to infiltrate and compromise systems.

We need to worry about Silk Typhoon hackers in 2025 because they are a highly sophisticated, state-sponsored group targeting critical sectors like government, defense, and telecommunications. Their cyber espionage activities can steal sensitive data, causing geopolitical risks, economic harm, and disruptions to global security. Their evolving tactics, including exploiting vulnerabilities in widely-used software, make them a significant and ongoing threat.

#2
