Headline
Hacking Group 'Silk Typhoon' Linked to US Treasury Breach
The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department’s Office of Foreign Assets Control.
Source: World History Archive via Alamy Stock Photo
NEWS BRIEF
The Chinese threat actor group known as “Silk Typhoon” has been linked to the December 2024 hack on an agency that’s part of the US Department of the Treasury.
In the breach, the threat actors were able to use a stolen Remote Support SaaS API key through third-party cybersecurity vendor BeyondTrust to steal data from workstations in the Office of Foreign Assets Control (OFAC).
Silk Typhoon, also known as Hafnium, is well known for hitting targets in education, healthcare, defense, and non-governmental organizations.
Using tools such as the China Chopper Web shell, the group’s cyber-espionage campaigns focus mainly on data theft.
The group also targeted the Treasury Department’s Office of Financial Research; this latest breach is still being investigated and assessed.
The Cybersecurity and Infrastructure Security Agency (CISA) has since confirmed that these exploits are limited to just the agency, and there is no indication that any other federal agencies have been impacted by the incident.
About the Author
Skilled writer and editor covering cybersecurity for Dark Reading.