Silk Typhoon

Actor Type	Nation State
Attributed to Nation	China
Directly Linked Intrusion Sets	HAFNIUM

Silk Typhoon is an intrusion set originally identified by Microsoft researchers. In March 2021, the group was observed targeting Microsoft Exchange Servers at a global scale and exploiting multiple zero-day vulnerabilities.

Microsoft threat intelligence originally named this actor 'HAFNIUM' before introducing a new naming taxonomy.

Cyber Threat Graph Context

Explore how this Intrusion Set relates to the wider threat graph

Silk Typhoon Threat Reports

Report

Silk Typhoon targeting IT supply chain

Silk Typhoon is a sophisticated Chinese state-sponsored espionage group tracked by Microsoft Threat Intelligence. The group has been identified as ...

View Source

Report

HAFNIUM targeting Exchange Servers with 0-day exploits

In March 2021 Microsoft detected multiple zero-day exploits being used as part of a widespread campaign by HAFNIUM / Silk Typhoon. This report ...

View Source

References

www.microsoft.com

https://www.microsoft.com/en-us/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

www.microsoft.com

https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/