Storm-0227 Breaches US Government and Critical Sectors

CVE-2022-42475

Microsoft reports that the Chinese state-aligned threat actor it tracks as Storm-0227 attacked U.S. critical infrastructure and government agencies as recently as December 5. The group has been active since at least January and its operations are ongoing.

Storm-0227's activity overlaps with that of other Chinese espionage groups, such as Silk Typhoon (formerly tracked as Hafnium) and TAG-100. Over the past year its primary targets have been U.S. organizations in the defense industrial base, aerospace, telecommunications, the financial and legal sectors, government agencies, and non-governmental organizations.

For initial access the group exploits known vulnerabilities in public-facing web applications and sends phishing emails carrying malicious attachments or links. Since September it has been distributing SparkRAT, an open-source remote administration tool, to maintain persistent access to compromised hosts. Notably, the group develops no custom malware of its own and instead relies on off-the-shelf tooling.

Once inside, the operators steal credentials for cloud applications, including Microsoft 365 and its eDiscovery feature, which legal and compliance teams use to search and export mailbox and document content. Driving these legitimate applications with stolen credentials lets the actor blend in with ordinary user activity and evade detection. The objective is to extract sensitive information, chiefly emails and related files. Analysts believe this data gives the hackers deeper insight into their victims' operations.
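The credential-theft-then-legitimate-app pattern is the part of this campaign a defender can actually catch, because every eDiscovery search and export lands in the Microsoft 365 unified audit log under the compromised user's name. The following is an added example for this article, not code from Microsoft's report or from any tool named on the page: a small behavioural check that walks audit records in time order, learns each user's normal eDiscovery history, and alerts on exports by accounts with no such history, from source IPs the user never used for eDiscovery before, or outside business hours. The record field names and operation names (SearchCreated, SearchExported and so on) follow the general shape of that log but are assumptions here, and every record in SAMPLE_LOG is constructed.

```python
"""Behavioural check for eDiscovery misuse in Microsoft 365 unified audit log records.

Added example for this article; not code from Microsoft or from any tool named on
the page. Field names (CreationTime, Operation, UserId, ClientIP, Workload) and the
operation names below follow the general layout of the unified audit log but are
assumptions for this example, and every record in SAMPLE_LOG is constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# eDiscovery operations that move mailbox or file content out of the tenant
# (assumed operation names).
EXPORT_OPS = {"SearchExported", "ViewedSearchExported"}
# All eDiscovery operations a user's baseline is learned from (assumed names).
EDISCOVERY_OPS = {"SearchCreated", "SearchStarted"} | EXPORT_OPS

# Constructed sample: newline-delimited JSON, one audit record per line.
# legal.analyst is a genuine eDiscovery user; ceo.assistant is an account whose
# stolen credentials are used for a one-off search-and-export at 02:40 local time.
SAMPLE_LOG = """
{"CreationTime": "2024-10-01T10:05:00", "Operation": "SearchCreated", "UserId": "legal.analyst@contoso.example", "ClientIP": "203.0.113.10", "Workload": "SecurityComplianceCenter"}
{"CreationTime": "2024-11-12T14:30:00", "Operation": "SearchExported", "UserId": "legal.analyst@contoso.example", "ClientIP": "203.0.113.10", "Workload": "SecurityComplianceCenter"}
{"CreationTime": "2024-11-20T11:00:00", "Operation": "SearchExported", "UserId": "legal.analyst@contoso.example", "ClientIP": "198.51.100.77", "Workload": "SecurityComplianceCenter"}
{"CreationTime": "2024-12-04T09:12:00", "Operation": "MailItemsAccessed", "UserId": "ceo.assistant@contoso.example", "ClientIP": "203.0.113.20", "Workload": "Exchange"}
{"CreationTime": "2024-12-05T02:14:00", "Operation": "SearchCreated", "UserId": "ceo.assistant@contoso.example", "ClientIP": "198.51.100.77", "Workload": "SecurityComplianceCenter"}
{"CreationTime": "2024-12-05T02:40:00", "Operation": "SearchExported", "UserId": "ceo.assistant@contoso.example", "ClientIP": "198.51.100.77", "Workload": "SecurityComplianceCenter"}
"""


def parse_records(text):
    """Parse NDJSON audit records and return them in time order."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["_ts"] = datetime.strptime(rec["CreationTime"], "%Y-%m-%dT%H:%M:%S")
        records.append(rec)
    return sorted(records, key=lambda r: r["_ts"])


def detect_suspicious_ediscovery(records, baseline=timedelta(days=30),
                                 business_hours=(8, 18)):
    """Alert on eDiscovery exports that break the exporting user's own history.

    An export is flagged when the user has no eDiscovery activity older than
    `baseline` (a freshly repurposed account), when it comes from an IP the user
    did not use for eDiscovery during that baseline, or when it happens outside
    business hours. Records must be in time order (see parse_records).
    """
    history = defaultdict(list)   # user -> [(timestamp, client_ip), ...]
    alerts = []
    for rec in records:
        op = rec.get("Operation")
        if op not in EDISCOVERY_OPS:
            continue                  # Exchange, SharePoint etc. are ignored here
        user, ip, ts = rec["UserId"], rec.get("ClientIP"), rec["_ts"]
        reasons = []
        if op in EXPORT_OPS:
            # IPs this user used for eDiscovery at least `baseline` ago.
            established = {h_ip for h_ts, h_ip in history[user]
                           if ts - h_ts >= baseline}
            if not established:
                reasons.append("no eDiscovery activity older than the baseline window")
            elif ip not in established:
                reasons.append(f"export from IP {ip} not used for eDiscovery in baseline")
            start, end = business_hours
            if ts.weekday() >= 5 or not (start <= ts.hour < end):
                reasons.append("export outside business hours")
        if reasons:
            alerts.append({"time": rec["CreationTime"], "user": user,
                           "operation": op, "ip": ip, "reasons": reasons})
        history[user].append((ts, ip))   # learn from every eDiscovery op, flagged or not
    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_ediscovery(parse_records(SAMPLE_LOG)):
        print(f"{alert['time']} {alert['user']} {alert['operation']} from {alert['ip']}")
        for reason in alert["reasons"]:
            print(f"    - {reason}")
```

Run against the constructed sample, the legitimate analyst's November export from a new IP raises one reason and the assistant account's 02:40 export raises two (no baseline history, outside business hours), while the analyst's routine export and the ordinary Exchange record raise nothing. In production the records would come from the Search-UnifiedAuditLog cmdlet or the Office 365 Management Activity API rather than an inline string, and the business-hours window should be the user's local time zone, which the example does not resolve.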

Storm-0227’s victims often overlap with sectors targeted by other Chinese hacker groups, such as Salt Typhoon (focused on telecommunications) and Volt Typhoon. Experts warn that the group’s activity is likely to persist as China intensifies its efforts to gather intelligence deemed critical to national security.

Microsoft emphasizes that the operation's goal remains intelligence collection: harvesting files and the context contained in communications, with U.S. interests and strategic assets as the primary focus.
