Hacking Group 'Silk Typhoon' Linked to US Treasury Breach

January 10, 2025

Satellite view of a typhoon in the Philippines

Source: World History Archive via Alamy Stock Photo

The Chinese threat actor group known as "Silk Typhoon" has been linked to the December 2024 hack on an agency that's part of the US Department of the Treasury.

In the breach, the threat actors were able to use a stolen Remote Support SaaS API key through third-party cybersecurity vendor BeyondTrust to steal data from workstations in the Office of Foreign Assets Control (OFAC).

Silk Typhoon, also known as Hafnium, is well known for hitting targets in education, healthcare, defense, and non-governmental organizations.

Using tools such as the China Chopper Web shell, the group's cyber-espionage campaigns focus mainly on data theft.

The group also targeted the Treasury Department's Office of Financial Research; this latest breach is still being investigated and assessed.

The Cybersecurity and Infrastructure Security Agency (CISA) has since confirmed that these exploits are limited to just the agency, and there is no indication that any other federal agencies have been impacted by the incident.