
Silk Typhoon APT Group Threatens North American Entities

Silk Typhoon's sophisticated tactics, including exploiting trusted cloud relationships and using advanced tools, pose a substantial threat to North American entities and multiple sectors worldwide.



Silk Typhoon, a China-linked advanced persistent threat (APT) group, has been posing a significant threat to North American entities. The group, active between June and August 2025, exploited trusted cloud relationships for stealthy lateral movement and data theft, targeting multiple sectors worldwide.

International authorities observed the group leveraging trusted cloud relationships to move laterally within networks and reach downstream victims. Silk Typhoon demonstrated a deep understanding of cloud environments and used this tactic to evade detection. The group exploited n-day and zero-day flaws to gain system access, including compromising a Microsoft cloud solution provider for intelligence collection.

The APT group uses web shells for command execution and data exfiltration. It also employs small office/home office (SOHO) devices as exit nodes to mask its activity. Silk Typhoon targets a wide range of sectors, including government, technology, legal, and professional services, as well as IT services, healthcare, defense, and energy, on a global scale. The group uses a Golang-based Linux RAT, Claude AI, obfuscated with the tool Garble.

Silk Typhoon's sophisticated tactics, including exploiting trusted cloud relationships and using advanced tools like Claude AI, pose a substantial threat to North American entities. The group's wide-ranging targets and deep understanding of cloud environments make it a significant threat to multiple sectors worldwide.
