Threat Intel Solutions

China-linked ‘Silk Typhoon’ hackers accessed Commvault cloud environments, person familiar says=============================================================================================== Piotr Swat/SOPA Images/LightRocket via Getty Images | Get the latest federal technology news delivered to your inbox.||
|| email | Register for Newsletter*** ** * ** ***Stay Connected [](https://x.com/NextgovFCW)[](https://www.facebook.com/NextgovFCW/)[](https://www.linkedin.com/company/nextgovfcw/)[](/rss/all/) Featured eBooks  [Workforce Tech](/assets/workforce-tech/portal/) [Read Now](/assets/workforce-tech/portal/)  ### [Customer Experience](/assets/customer-experience/portal/)[Read Now](/assets/customer-experience/portal/)  ### [Identity in Government](/assets/identity/portal/)[Read Now](/assets/identity/portal/) Insights -& Reports  [Build vs. Buy: Choosing the Best Path for Government Technology](/assets/build-vs-buy-choosing-best-path-government-technol/portal/?oref=ng-sidebar-insights-reports) [Presented By PayIt](/assets/build-vs-buy-choosing-best-path-government-technol/portal/?oref=ng-sidebar-insights-reports) [Download Now](/assets/build-vs-buy-choosing-best-path-government-technol/portal/?oref=ng-sidebar-insights-reports)  [Federal leaders describe pathways to IT modernization](/assets/federal-leaders-describe-pathways-it-modernization/portal/?oref=ng-sidebar-insights-reports) [Presented By SAP](/assets/federal-leaders-describe-pathways-it-modernization/portal/?oref=ng-sidebar-insights-reports) [Download Now](/assets/federal-leaders-describe-pathways-it-modernization/portal/?oref=ng-sidebar-insights-reports) By [David DiMolfetta](/voices/david-dimolfetta/25968/?oref=ng-post-author), Cybersecurity Reporter, Nextgov/FCW * [](https://x.com/share?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2025%2F05%2Fchina-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says%2F405579%2F&text=China-linked+%E2%80%98Silk+Typhoon%E2%80%99+hackers+accessed+Commvault+cloud+environments%2C+person+familiar+says&via=Nextgov)* [](http://www.linkedin.com/shareArticle?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2025%2F05%2Fchina-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says%2F405579%2F&mini=true&summary=The+hacking+unit+previously+infiltrated+Treasury+Department+networks+and+compromised+some+of+the+agency%E2%80%99s+most+sensitive+systems.&source=Nextgov.com&title=China-linked+%E2%80%98Silk+Typhoon%E2%80%99+hackers+accessed+Commvault+cloud+environments%2C+person+familiar+says)* [](https://www.facebook.com/dialog/feed?picture=https%3A%2F%2Fcdn.nextgov.com%2Fmedia%2Fimg%2Fcd%2F2025%2F05%2F23%2F052325commvaultNG%2F860x394.jpg&name=China-linked+%E2%80%98Silk+Typhoon%E2%80%99+hackers+accessed+Commvault+cloud+environments%2C+person+familiar+says&app_id=622609557824468&redirect_uri=https%3A%2F%2Fwww.nextgov.com&link=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2025%2F05%2Fchina-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says%2F405579%2F&display=popup&description=The+hacking+unit+previously+infiltrated+Treasury+Department+networks+and+compromised+some+of+the+agency%E2%80%99s+most+sensitive+systems.)* [](mailto:?body=The%20hacking%20unit%20previously%20infiltrated%20Treasury%20Department%20networks%20and%20compromised%20some%20of%20the%20agency%E2%80%99s%20most%20sensitive%20systems.%0A%0Ahttps%3A//www.nextgov.com/cybersecurity/2025/05/china-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says/405579/&subject=Nextgov.com%3A%20China-linked%20%E2%80%98Silk%20Typhoon%E2%80%99%20hackers%20accessed%20Commvault%20cloud%20environments%2C%20person%20familiar%20says) By [David DiMolfetta](/voices/david-dimolfetta/25968/?oref=ng-post-author?oref=rf-post-author)-| May 23, 2025 03:09 PM ETThe hacking unit previously infiltrated Treasury Department networks and compromised some of the agency’s most sensitive systems.———————————————————————————————————————————* [Cyber Threats](/topic/cyber-threats/?oref=ng-article-topics)* [Cloud](/topic/cloud/?oref=ng-article-topics)* [Industry](/topic/industry/?oref=ng-article-topics)* [](https://x.com/share?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2025%2F05%2Fchina-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says%2F405579%2F&text=China-linked+%E2%80%98Silk+Typhoon%E2%80%99+hackers+accessed+Commvault+cloud+environments%2C+person+familiar+says&via=Nextgov)* [](http://www.linkedin.com/shareArticle?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2025%2F05%2Fchina-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says%2F405579%2F&mini=true&summary=The+hacking+unit+previously+infiltrated+Treasury+Department+networks+and+compromised+some+of+the+agency%E2%80%99s+most+sensitive+systems.&source=Nextgov.com&title=China-linked+%E2%80%98Silk+Typhoon%E2%80%99+hackers+accessed+Commvault+cloud+environments%2C+person+familiar+says)* [](https://www.facebook.com/dialog/feed?picture=https%3A%2F%2Fcdn.nextgov.com%2Fmedia%2Fimg%2Fcd%2F2025%2F05%2F23%2F052325commvaultNG%2F860x394.jpg&name=China-linked+%E2%80%98Silk+Typhoon%E2%80%99+hackers+accessed+Commvault+cloud+environments%2C+person+familiar+says&app_id=622609557824468&redirect_uri=https%3A%2F%2Fwww.nextgov.com&link=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2025%2F05%2Fchina-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says%2F405579%2F&display=popup&description=The+hacking+unit+previously+infiltrated+Treasury+Department+networks+and+compromised+some+of+the+agency%E2%80%99s+most+sensitive+systems.)* [](mailto:?body=The%20hacking%20unit%20previously%20infiltrated%20Treasury%20Department%20networks%20and%20compromised%20some%20of%20the%20agency%E2%80%99s%20most%20sensitive%20systems.%0A%0Ahttps%3A//www.nextgov.com/cybersecurity/2025/05/china-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says/405579/&subject=Nextgov.com%3A%20China-linked%20%E2%80%98Silk%20Typhoon%E2%80%99%20hackers%20accessed%20Commvault%20cloud%20environments%2C%20person%20familiar%20says)Data management software firm Commvault was compromised by Chinese hackers that accessed the firm’s enterprise cloud systems and targeted its customers’ application secrets, according to a person with knowledge of the matter.The hacking unit responsible for the intrusions is known as Silk Typhoon, said the person, who was granted anonymity to be candid about non-public details surrounding the breach. On Thursday, the Cybersecurity and Infrastructure Security Agency and Commvault released a critical [joint advisory](https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic) about the hacking activity. The intrusion’s connection to Silk Typhoon has not been previously reported.In the advisory, CISA said it believes ‘the threat activity may be part of a larger campaign targeting various SaaS companies’ cloud applications with default configurations and elevated permissions.’In late February, Microsoft [notified](https://www.commvault.com/blogs/customer-security-update) Commvault about unauthorized access into its systems from a ‘nation-state threat actor’ that was spotted because Commvault’s ‘Metallic’ data-protection product is hosted in Microsoft’s Azure cloud offering.Silk Typhoon sits among a syndicate of Chinese government-backed hacking collectives tracked by Microsoft, whose threat intelligence arm uses a ‘Typhoon’ moniker to label cyber activity affiliated with Beijing. The Typhoon units have made waves over the past year amid their broad intrusions into global [telecommunications networks](https://www.nextgov.com/cybersecurity/2025/04/salt-typhoon-hacks-wake-call-secure-telecom-services-lawmakers-say/404970/) and a variety of U.S. [critical infrastructure](https://www.nextgov.com/cybersecurity/2024/05/us-diplomats-told-china-stop-volt-typhoon-campaign-its-becoming-more-advanced-intelligence-officials-say/396361/).In March, after receiving new information about the penetrations, Commvault said it was in touch with the FBI, CISA and others.’This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance,’ Commvault said in a [blog post](https://www.commvault.com/blogs/notice-security-advisory-update) at the time, which added that there has been ‘no unauthorized access to customer backup data that Commvault stores and protects.’In late April, CISA also issued a warning to [patch vulnerabilities](https://www.securityweek.com/cisa-warns-of-exploited-broadcom-commvault-vulnerabilities/) in Commvault, Broadcom and Qualitia products that were being actively exploited, though it’s not immediately clear if those vulnerabilities are connected to Silk Typhoon activity.’There are no new developments in this CISA alert since the advisory we posted on May 4,’ a Commvault spokesperson said. ‘CISA is merely reporting on activity we published and alerted them to from then. As noted in prior advisories, we acted on information Microsoft provided to us, but we have not independently attributed the activity to a particular threat actor.’CISA declined to comment. The FBI did not return a request for comment.The breach could have major implications for companies and government agencies that store copies of their most important data in the cloud, putting emails, documents or sensitive customer information at risk.Commvault’s client base includes major enterprise firms like Sony, 3M, Deloitte and AstraZeneca, according to a [customer webpage](https://www.commvault.com/customers). It also has a vast [government services arm](https://www.commvault.com/supported-technologies/government) and [achieved](https://www.prnewswire.com/news-releases/commvault-awarded-govramp-authorization-for-commvault-cloud-302439152.html) GovRAMP — formerly StateRAMP — authorization in April for meeting security verification requirements for U.S. federal business uses.In March, Microsoft said it [observed](https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/) Silk Typhoon targeting ‘common IT solutions like remote management tools and cloud applications to gain initial access.’ The group infiltrates customer networks using stolen credentials, then exploits tools like Microsoft services to carry out espionage operations.Silk Typhoon was found to have [infiltrated](https://www.bloomberg.com/news/articles/2025-01-16/chinese-hacked-us-treasury-secretary-yellen-s-computer-in-breach) Treasury Department networks late last year and compromised some of the agency’s most sensitive systems, including its assets control office, as well as the Committee on Foreign Investment in the United States, which conducts national security reviews of foreign acquisitions.In January, Shanghai-based hacker Yin Kecheng was [sanctioned](https://www.nextgov.com/cybersecurity/2025/01/us-sanctions-chinese-firm-behind-sweeping-salt-typhoon-telecom-hacks/402304/) in connection to that Treasury intrusion, and is believed to be tied to China’s Ministry of State Security, deemed Beijing’s primary civilian intelligence service.’Silk Typhoon has shown proficiency in understanding how cloud environments are deployed and configured, allowing them to successfully move laterally, maintain persistence, and exfiltrate data quickly within victim environments,’ Microsoft said in its March blog, adding that it’s been tracking the hackers since 2020.China has been widely deemed by experts as the [top cyberespionage threat](https://www.nextgov.com/cybersecurity/2025/04/chinese-telcos-provide-backbone-us-allies-mobile-traffic-raising-espionage-concerns/404635/) to the United States, with a history of targeting government agencies, defense contractors and major tech firms to steal sensitive data and intellectual property. Share This:* [](https://x.com/share?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2025%2F05%2Fchina-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says%2F405579%2F&text=China-linked+%E2%80%98Silk+Typhoon%E2%80%99+hackers+accessed+Commvault+cloud+environments%2C+person+familiar+says&via=Nextgov)* [](http://www.linkedin.com/shareArticle?url=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2025%2F05%2Fchina-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says%2F405579%2F&mini=true&summary=The+hacking+unit+previously+infiltrated+Treasury+Department+networks+and+compromised+some+of+the+agency%E2%80%99s+most+sensitive+systems.&source=Nextgov.com&title=China-linked+%E2%80%98Silk+Typhoon%E2%80%99+hackers+accessed+Commvault+cloud+environments%2C+person+familiar+says)* [](https://www.facebook.com/dialog/feed?picture=https%3A%2F%2Fcdn.nextgov.com%2Fmedia%2Fimg%2Fcd%2F2025%2F05%2F23%2F052325commvaultNG%2F860x394.jpg&name=China-linked+%E2%80%98Silk+Typhoon%E2%80%99+hackers+accessed+Commvault+cloud+environments%2C+person+familiar+says&app_id=622609557824468&redirect_uri=https%3A%2F%2Fwww.nextgov.com&link=https%3A%2F%2Fwww.nextgov.com%2Fcybersecurity%2F2025%2F05%2Fchina-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says%2F405579%2F&display=popup&description=The+hacking+unit+previously+infiltrated+Treasury+Department+networks+and+compromised+some+of+the+agency%E2%80%99s+most+sensitive+systems.)* [](mailto:?body=The%20hacking%20unit%20previously%20infiltrated%20Treasury%20Department%20networks%20and%20compromised%20some%20of%20the%20agency%E2%80%99s%20most%20sensitive%20systems.%0A%0Ahttps%3A//www.nextgov.com/cybersecurity/2025/05/china-linked-silk-typhoon-hackers-accessed-commvault-cloud-environments-person-familiar-says/405579/&subject=Nextgov.com%3A%20China-linked%20%E2%80%98Silk%20Typhoon%E2%80%99%20hackers%20accessed%20Commvault%20cloud%20environments%2C%20person%20familiar%20says)**NEXT STORY:** [An 18th-century war power resurfaces in cyber policy talks](/cybersecurity/2025/05/18th-century-war-power-resurfaces-cyber-policy-talks/405526/?oref=ng-next-story) | [Human operators must be held accountable for AI’s use in conflicts, Air Force secretary says](/artificial-intelligence/2023/12/human-operators-must-be-held-accountable-ais-use-conflicts-air-force-secretary-says/392457/?oref=ng-earthbox-post) | [Why NIST is prioritizing creating a dictionary of AI development](/artificial-intelligence/2023/12/why-nist-prioritizing-creating-dictionary-ai-development/392427/?oref=ng-earthbox-post) | [SSA restructures tech shop to center on the CIO](/modernization/2023/11/ssa-restructures-tech-shop-center-cio/392377/?oref=ng-earthbox-post) | [How a push to the cloud helped a Ukrainian bank keep faith with customers amid war](/modernization/2023/11/how-push-cloud-helped-ukrainian-bank-keep-faith-customers-amid-war/392375/?oref=ng-earthbox-post) | [The people problem behind the government’s AI ambitions](/artificial-intelligence/2023/11/people-problem-behind-governments-ai-ambitions/392212/?oref=ng-earthbox-post) | [sponsor content| Magic Quadrant for Digital Employee Experience Management Tools](/assets/magic-quadrant-digital-employee-experience-managem.png?oref=ng-earthbox-post) | [Human operators must be held accountable for AI’s use in conflicts, Air Force secretary says](/artificial-intelligence/2023/12/human-operators-must-be-held-accountable-ais-use-conflicts-air-force-secretary-says/392457/?oref=ng-earthbox-post) | [Why NIST is prioritizing creating a dictionary of AI development](/artificial-intelligence/2023/12/why-nist-prioritizing-creating-dictionary-ai-development/392427/?oref=ng-earthbox-post) | [SSA restructures tech shop to center on the CIO](/modernization/2023/11/ssa-restructures-tech-shop-center-cio/392377/?oref=ng-earthbox-post) | [How a push to the cloud helped a Ukrainian bank keep faith with customers amid war](/modernization/2023/11/how-push-cloud-helped-ukrainian-bank-keep-faith-customers-amid-war/392375/?oref=ng-earthbox-post) | [The people problem behind the government’s AI ambitions](/artificial-intelligence/2023/11/people-problem-behind-governments-ai-ambitions/392212/?oref=ng-earthbox-post) | [sponsor content| | Magic Quadrant for Digital Employee Experience Management Tools](/assets/magic-quadrant-digital-employee-experience-managem.png?oref=ng-earthbox-post)

Related Tags:
NAICS: 921 – Executive

Legislative

Other General Government Support

NAICS: 54 – Professional

Scientific

Technical Services

NAICS: 334 – Computer And Electronic Product Manufacturing

NAICS: 541 – Professional

Scientific

Technical Services

NAICS: 518 – Computing Infrastructure Providers

Data Processing

Web Hosting

Related Services

NAICS: 92 – Public Administration

NAICS: 922 – Justice

Public Order

Safety Activities

NAICS: 33 – Manufacturing – Metal

Electronics And Other

NAICS: 51 – Information

Associated Indicators: