In a recent alarming development, Microsoft has identified a Chinese government-linked cyber espionage group, Storm-2077, that has been actively targeting critical U.S. organizations and government agencies. Active since at least January, Storm-2077 has conducted operations against a range of sectors, including defense, aviation, telecommunications, financial services, and legal services, as well as numerous governmental and non-governmental agencies. Microsoft’s threat intelligence team observed the group’s persistence and its operational similarities to other known Chinese cyber espionage groups such as Silk Typhoon and TAG-100. The group is further evidence of the threat posed by Chinese cyber espionage, which is characterized by methodical targeting of high-value U.S. assets.
Storm-2077 typically gains initial access by exploiting vulnerabilities in public-facing applications or by sending spear-phishing emails.