Microsoft Warns Silk Typhoon Hackers Target IT Supply Chain via Cloud



Microsoft says Silk Typhoon now targets remote management tools and cloud applications for initial access, reflecting a broad and fast-moving exploitation strategy.

Since late 2024, Silk Typhoon has been using API keys and credentials stolen from privileged access management (PAM) vendors, cloud application providers, and cloud data management companies.

This lets them access customer environments of the compromised companies.

They’ve also gained access through password spray attacks and by finding leaked corporate passwords in public repositories.
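Password spraying has a recognizable shape in sign-in telemetry: one source tries a few passwords against many accounts, rather than many passwords against one. The Python below is an added example, not code from the article or from Microsoft. It runs that check over constructed Entra ID sign-in records shaped like Microsoft Graph signIn objects (userPrincipalName, ipAddress, createdDateTime, status.errorCode, where 50126 is Entra's "invalid username or password"), and also reports accounts that later signed in successfully from the spraying address, which is the event a responder needs first. The thresholds, addresses, accounts and timestamps are assumptions.

```python
"""Flag password-spray activity in Entra ID sign-in records.

Added example; not code from the article or from Microsoft. Records are
assumed to look like Microsoft Graph signIn objects. Error code 50126 is
Entra's "invalid username or password"; errorCode 0 is success.
All addresses, accounts and timestamps below are constructed sample data.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

INVALID_PASSWORD = 50126


def _rec(ts, upn, ip, code):
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "ipAddress": ip, "status": {"errorCode": code}}


SAMPLE_SIGNINS = [
    # 203.0.113.10: one failure each against six accounts in ten minutes (spray),
    # then a successful sign-in for one of them twenty minutes later.
    _rec("2025-03-01T02:00:00Z", "alice@contoso.example", "203.0.113.10", INVALID_PASSWORD),
    _rec("2025-03-01T02:02:00Z", "bob@contoso.example", "203.0.113.10", INVALID_PASSWORD),
    _rec("2025-03-01T02:04:00Z", "carol@contoso.example", "203.0.113.10", INVALID_PASSWORD),
    _rec("2025-03-01T02:06:00Z", "dave@contoso.example", "203.0.113.10", INVALID_PASSWORD),
    _rec("2025-03-01T02:08:00Z", "erin@contoso.example", "203.0.113.10", INVALID_PASSWORD),
    _rec("2025-03-01T02:10:00Z", "frank@contoso.example", "203.0.113.10", INVALID_PASSWORD),
    _rec("2025-03-01T02:30:00Z", "frank@contoso.example", "203.0.113.10", 0),
    # 198.51.100.5: six failures against a single account (brute force, not spray).
    *[_rec(f"2025-03-01T03:0{i}:00Z", "alice@contoso.example", "198.51.100.5", INVALID_PASSWORD)
      for i in range(6)],
    # 192.0.2.20: a user mistypes once, then signs in (benign).
    _rec("2025-03-01T09:00:00Z", "bob@contoso.example", "192.0.2.20", INVALID_PASSWORD),
    _rec("2025-03-01T09:01:00Z", "bob@contoso.example", "192.0.2.20", 0),
]


def _when(rec):
    return datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")


def detect_password_spray(signins, window=timedelta(hours=1),
                          min_users=5, max_per_user=3):
    """Return one finding per source IP whose failures within `window` hit at
    least `min_users` distinct accounts with no account tried more than
    `max_per_user` times (many accounts, few guesses each). Each finding
    also lists accounts that signed in successfully from that IP after the
    spray started. Thresholds are assumptions; tune them to the tenant."""
    failures, successes = defaultdict(list), defaultdict(list)
    for rec in signins:
        code = rec["status"]["errorCode"]
        bucket = successes if code == 0 else failures if code == INVALID_PASSWORD else None
        if bucket is not None:
            bucket[rec["ipAddress"]].append((_when(rec), rec["userPrincipalName"]))

    findings = []
    for ip, events in failures.items():
        events.sort()
        best = None  # (start, end, per-user counter) of the widest spray window
        j = 0
        for i in range(len(events)):
            # Sliding window: advance j while events[i..j) fit inside `window`.
            while j < len(events) and events[j][0] - events[i][0] <= window:
                j += 1
            per_user = Counter(upn for _, upn in events[i:j])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                if best is None or len(per_user) > len(best[2]):
                    best = (events[i][0], events[j - 1][0], per_user)
        if best is None:
            continue
        start, end, per_user = best
        compromised = sorted({upn for t, upn in successes[ip]
                              if t >= start and upn in per_user})
        findings.append({"ip": ip, "distinct_users": len(per_user),
                         "window_start": start.isoformat(),
                         "window_end": end.isoformat(),
                         "successful_logins_after_spray": compromised})
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(SAMPLE_SIGNINS):
        print(finding)
```

On the sample data only 203.0.113.10 is flagged: the brute-force source hits one account (too few distinct users) and the mistyped password is a single failure. Real tenants will need the thresholds raised and the success check extended to the "leaked password" case, where the first attempt succeeds and no spray precedes it.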

Supply Chain Attacks and Credential Abuse

Silk Typhoon targets many industries worldwide, including IT services, healthcare, legal, education, defense, government, NGOs, and energy. Most of their attacks focus on the United States but also happen globally.

They understand cloud environments well, which lets them move laterally between systems, stay hidden, and exfiltrate data quickly.

Since 2020, Silk Typhoon has used a variety of web shells to execute commands, maintain persistence in networks, and exfiltrate data.

Recently, Silk Typhoon used stolen API keys to access downstream customers, collect data, and perform reconnaissance with administrator accounts.

They also reset administrator accounts, planted web shells, created new users, and cleared activity logs.

Microsoft notified affected customers to help secure their systems.

Recommended Actions:

  • Review Entra Connect server logs for any suspicious activity.
  • Check newly created applications to ensure they are legitimate.
  • Monitor multi-tenant applications, especially for any unexpected changes.
  • Investigate any Microsoft Graph or eDiscovery activity, especially involving SharePoint or email data access — these are common targets for Silk Typhoon.
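The review items above, together with the post-compromise actions described earlier (administrator password resets, new users, new applications and credentials), can be expressed as a hunt over the Entra ID audit log. The Python below is an added example, not code from the article or from Microsoft. It assumes records shaped like Microsoft Graph directoryAudit objects and uses the activity display names this example expects; confirm those names, the two-hour correlation window, and the sample records (all constructed) against your own tenant before relying on them.

```python
"""Hunt Entra ID audit-log records for the post-compromise chain described above.

Added example; not code from the article or from Microsoft. Records are
assumed to look like Microsoft Graph directoryAudit objects. The activity
display names are the ones this example expects; confirm them against your
tenant's audit log. All actors, targets and times are constructed sample data.
"""
from datetime import datetime, timedelta

# Activities that put a usable secret on an application / service principal.
CREDENTIAL_EVENTS = {"Update application – Certificates and secrets management",
                     "Add service principal credentials"}
# Actions a freshly reset admin account should not normally take right away.
FOLLOW_ON_EVENTS = {"Add user", "Add member to role"}


def _rec(ts, actor, activity, target, props=None):
    return {"activityDateTime": ts, "activityDisplayName": activity,
            "initiatedBy": {"user": {"userPrincipalName": actor}},
            "targetResources": [{"displayName": target,
                                 "modifiedProperties": props or []}]}


SAMPLE_AUDIT = [
    # A helpdesk account resets an admin; minutes later that admin creates a
    # user and adds a Global Administrator role member.
    _rec("2025-03-01T02:40:00Z", "helpdesk@contoso.example",
         "Reset password (by admin)", "admin-alice@contoso.example"),
    _rec("2025-03-01T02:55:00Z", "admin-alice@contoso.example", "Add user",
         "svc-backup@contoso.example"),
    _rec("2025-03-01T02:56:00Z", "admin-alice@contoso.example",
         "Add member to role", "Global Administrator"),
    # The same admin registers an app, gives it a secret, and makes it multi-tenant.
    _rec("2025-03-01T03:10:00Z", "admin-alice@contoso.example", "Add application",
         "Sync Helper"),
    _rec("2025-03-01T03:11:00Z", "admin-alice@contoso.example",
         "Update application – Certificates and secrets management", "Sync Helper"),
    _rec("2025-03-01T03:12:00Z", "admin-alice@contoso.example", "Update application",
         "Sync Helper", [{"displayName": "AvailableToOtherTenants",
                          "oldValue": "\"false\"", "newValue": "\"true\""}]),
    # Benign: a developer registers an app and never adds a credential.
    _rec("2025-03-02T10:00:00Z", "dev@contoso.example", "Add application", "Expense Bot"),
]


def _when(rec):
    return datetime.strptime(rec["activityDateTime"], "%Y-%m-%dT%H:%M:%SZ")


def _actor(rec):
    return rec["initiatedBy"].get("user", {}).get("userPrincipalName", "")


def _target(rec):
    return rec["targetResources"][0]["displayName"]


def hunt_audit(records, window=timedelta(hours=2)):
    """Return findings for three patterns from the advisory: a new application
    that receives a credential within `window` of creation, an application
    switched to multi-tenant, and an admin password reset followed within
    `window` by the reset account creating users or changing role membership.
    The two-hour window is an assumption."""
    recs = sorted(records, key=_when)
    findings = []

    created = {}
    for rec in recs:
        name, act = _target(rec), rec["activityDisplayName"]
        if act == "Add application":
            created[name] = rec
        elif (act in CREDENTIAL_EVENTS and name in created
              and _when(rec) - _when(created[name]) <= window):
            findings.append({"rule": "new_app_with_credential", "app": name,
                             "actor": _actor(rec)})

    for rec in recs:
        for prop in rec["targetResources"][0].get("modifiedProperties", []):
            # Graph serialises newValue as a JSON string, e.g. '"true"'.
            if (prop.get("displayName") == "AvailableToOtherTenants"
                    and str(prop.get("newValue", "")).strip('"').lower() == "true"):
                findings.append({"rule": "app_made_multitenant",
                                 "app": _target(rec), "actor": _actor(rec)})

    for reset in (r for r in recs if r["activityDisplayName"] == "Reset password (by admin)"):
        victim = _target(reset)
        follow = [r for r in recs if _actor(r) == victim
                  and r["activityDisplayName"] in FOLLOW_ON_EVENTS
                  and timedelta(0) <= _when(r) - _when(reset) <= window]
        if follow:
            findings.append({"rule": "reset_then_privileged_action",
                             "account": victim, "reset_by": _actor(reset),
                             "actions": [r["activityDisplayName"] for r in follow]})
    return findings


if __name__ == "__main__":
    for finding in hunt_audit(SAMPLE_AUDIT):
        print(finding)
```

The developer's "Expense Bot" registration is deliberately not flagged: a new app on its own is routine, and it is the credential added shortly afterwards, or the flip to multi-tenant, that turns it into a cross-tenant access path. Graph or eDiscovery data access (the fourth item above) lives in the unified audit log rather than the directory audit log, so it needs a separate query against that source.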

Stronger Defenses:

  • Make sure all public-facing devices are fully patched to prevent known exploits.
  • Apply strict controls and monitoring on all important accounts, especially privileged accounts.
  • Focus on credential hygiene, such as removing unused accounts, enforcing strong passwords, and applying least privilege access to limit damage if an account is compromised.
  • Set up Conditional Access policies to enforce Zero Trust principles — requiring users to verify their identity before accessing critical systems.
  • Enable risk-based sign-in protection, so suspicious logins (like from unusual locations or devices) trigger extra security checks.

By FirstHackersNews | 2025-03-17T22:55:27+05:30 | March 6th, 2025 | cloud, Internet Security, Microsoft, Security Advisory, Security Update, Targeted Attacks

About the Author:

FirstHackersNews - Identifies Security

