Silk Typhoon, the name given to the hackers that hacked the US Treasury, is still at it.
Here is the thing about this attack. Some attacks are intentionally noisy. Ransomware attacks are an example. This attack is intentionally quiet so unless you are diligently looking for it, you won’t find it.
In the attack on the US Treasury, China stole data from OFAC, the department that sanctions foreign companies for bad behavior, among other data.
In your environment, they will slip in using stolen credentials, typically an administrator's account, and quietly start collecting data of interest.
In many cases now, their initial access path is the software your IT department or IT contractor uses to remotely manage your computers or cloud applications. That remote management software is often not well secured, and many IT contractors do not have great security practices of their own.
Silk Typhoon is the same group that broke into Microsoft Exchange in 2021, so they have some pretty good skills. They also broke into the Ivanti Pulse VPN last year, and they have compromised Citrix NetScaler and Palo Alto Networks firewalls, so do not underestimate them.
If you are not doing threat hunting in your network, you are not likely to catch these hackers, because their tactics are deliberately low-profile.
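One concrete hunt for the behaviour described above (a stolen administrator credential used through a remote management tool) is to compare recent privileged logons against a baseline of where and how each admin account normally connects. The script below is an added illustration, not code from the alert or from The Register; it assumes a simple per-logon record with user, source address and client tool, constructed sample events, and that privileged accounts carry an "admin-" prefix.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logon records (not from any real network).
# "tool" is the client name the logging pipeline attaches to each logon.
BASELINE = [
    {"ts": "2025-02-03T09:12:00Z", "user": "admin-jsmith", "src_ip": "198.51.100.10", "tool": "rmm-console"},
    {"ts": "2025-02-04T10:05:00Z", "user": "admin-jsmith", "src_ip": "198.51.100.10", "tool": "rmm-console"},
    {"ts": "2025-02-05T14:30:00Z", "user": "admin-jsmith", "src_ip": "198.51.100.11", "tool": "rdp"},
    {"ts": "2025-02-05T15:00:00Z", "user": "alice", "src_ip": "192.0.2.20", "tool": "owa"},
]
RECENT = [
    {"ts": "2025-03-01T09:40:00Z", "user": "admin-jsmith", "src_ip": "198.51.100.10", "tool": "rmm-console"},
    {"ts": "2025-03-02T02:17:00Z", "user": "admin-jsmith", "src_ip": "203.0.113.77", "tool": "rmm-console"},
    {"ts": "2025-03-02T02:25:00Z", "user": "alice", "src_ip": "203.0.113.77", "tool": "owa"},
]

def is_admin(user):
    # Assumption: privileged accounts are named "admin-<name>"; adapt to your naming scheme.
    return user.startswith("admin-")

def build_baseline(events):
    """Collect the source addresses and client tools each admin account normally uses."""
    seen = defaultdict(lambda: {"ips": set(), "tools": set()})
    for ev in events:
        if is_admin(ev["user"]):
            seen[ev["user"]]["ips"].add(ev["src_ip"])
            seen[ev["user"]]["tools"].add(ev["tool"])
    return seen

def hunt(baseline_events, recent_events, quiet_hours=range(0, 6)):
    """Return (user, ts, reasons) for every admin logon that deviates from its baseline."""
    baseline = build_baseline(baseline_events)
    findings = []
    for ev in recent_events:
        if not is_admin(ev["user"]):
            continue
        known = baseline[ev["user"]]  # empty sets if the account has no history at all
        reasons = []
        if ev["src_ip"] not in known["ips"]:
            reasons.append("new source address")
        if ev["tool"] not in known["tools"]:
            reasons.append("new access tool")
        if datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").hour in quiet_hours:
            reasons.append("quiet-hours logon")
        if reasons:
            findings.append((ev["user"], ev["ts"], reasons))
    return findings

if __name__ == "__main__":
    for user, ts, why in hunt(BASELINE, RECENT):
        print(f"{ts} {user}: {', '.join(why)}")
```

A hit is a lead to investigate, not proof of compromise: a single new address for a known tool may be a contractor working from a new site, so confirm against the contractor's own records and the tool's session logs.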
If you would like us to review your logging, alerting and threat hunting, please contact us. Credit: The Register