News Brief

A Chinese threat actor group known as “Silk Typhoon” has been linked to the December 2024 hack of an agency that is part of the US Treasury Department.

In the breach, threat actors were able to use Remote Support SaaS API keys stolen from third-party cybersecurity vendor BeyondTrust to gain workstation access at the Office of Foreign Assets Control (OFAC).

Silk Typhoon, also known as Hafnium, is known for targeting organizations in the education, healthcare, defense, and non-governmental sectors.

The group's cyber-espionage campaigns, which use tools such as the China Chopper web shell, are primarily focused on data theft.

The group also targeted the Treasury Department’s Office of Financial Research. This latest breach is still being investigated and reviewed.

The Cybersecurity and Infrastructure Security Agency (CISA) has since confirmed that these exploits were limited to the agency only, and there is no indication that any other federal agency was affected by the incident.


