Microsoft Sounds Alarm on Chinese Cyberespionage
March 5, 2025 – Microsoft Corp. has alerted the public to a recent campaign of supply-chain attacks orchestrated by a Chinese hacking group known as Silk Typhoon. The company’s threat intelligence division released a blog post on Wednesday detailing the group’s tactics and targets. According to Microsoft, Silk Typhoon has been leveraging remote management tools and cloud applications to conduct espionage against various companies and organizations within the United States and globally.
In late 2024, Microsoft observed Silk Typhoon targeting cloud storage services. Hackers would steal keys from these services to access customer data. The group has successfully breached organizations within both state and local government as well as companies in the technology sector, specifically seeking information on US government policy and documents associated with law enforcement investigations.
Silk Typhoon is a well-resourced and technically efficient actor.
Previously, Bloomberg News reported that Silk Typhoon was behind a December hack that compromised over 400 computers at the US Treasury Department. Microsoft described the group as “well-resourced and technically efficient” and observed that it has “one of the largest targeting footprints” among China-based cyberespionage actors. The group is targeting organizations across diverse sectors for espionage, including healthcare, legal services, higher education, defense, energy, and government.
It is important to note that Silk Typhoon is separate from the Chinese hacking group Salt Typhoon, which was accused last year of breaching multiple US telecommunications companies.
