Silk Typhoon / Hafnium coordinated intelligence-gathering campaign
Campaign
Summary
The Silk Typhoon / Hafnium operation is tied to a coordinated intelligence-gathering campaign spanning February 2020 to June 2021, underscoring a sustained espionage effort rather than a single intrusion. The campaign targeted COVID-19 research organizations and sought data on vaccines, treatments, and testing. It also used Microsoft Exchange Server zero-day vulnerabilities to reach victim networks and expand access.
Related Happenings
FamousSparrow multi-wave intrusion campaign against Azerbaijani oil and gas company
Campaign
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
A **China-affiliated** actor tracked as **FamousSparrow (UAT-9244)** ran a **multi-wave intrusion** against an **unnamed Azerbaijani oil and gas company** from **late December 202...
Code of conduct-themed Microsoft AiTM phishing campaign
Campaign
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...
SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
Campaign
First: 01.05.2026 17:02
Last: 01.05.2026 17:02
Sources 1
About this happening:
**SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...
Xu Zewei extradited for U.S. cyberespionage prosecution
Law Enforcement
First: 27.04.2026 22:56
Last: 27.04.2026 22:56
Sources 1
How related:
Xu Zewei, a 34-year-old Chinese national, appeared in a federal court in Houston over the weekend on charges tied to a series of intrusions carried out between February 2020 and June 2021, some of which were allegedly tied to the Silk Typhoon campaign.
About this happening:
**Xu Zewei** was **extradited from Italy to the United States** to face criminal charges in a **cyberespionage** case tied to **China's MSS**. The move expands the legal exposure...
Tropic Trooper trojanized SumatraPDF remote-access campaign
Campaign
First: 24.04.2026 12:29
Last: 24.04.2026 12:29
Sources 1
About this happening:
**Tropic Trooper** is running an active **campaign** that uses a **trojanized SumatraPDF** lure to plant **AdaptixC2 Beacon** and later abuse **VS Code tunnels** for remote access...
Timeline
- 28.04.2026 15:30 · 1 article · 29d ago
Silk Typhoon targeted US universities and Exchange servers
Campaign Scope Update: US officials described Silk Typhoon/Hafnium activity from February 2020 to June 2021 as a coordinated intelligence-gathering campaign that targeted US universities and COVID-19 researchers, including a Texas university network, and later expanded into Microsoft Exchange Server vulnerability exploitation. The operation reportedly used stolen mailbox access to search for vaccines, treatments, and testing research, and the FBI said the campaign affected more than 12,700 US organizations.
Sources:
- Chinese National Extradited Over Silk Typhoon Cyber Campaign — www.infosecurity-magazine.com — 28.04.2026 15:30
- 27.04.2026 22:56 · 1 article · 29d ago
Xu Zewei extradited to the United States for Silk Typhoon charges
Legal Policy Action Update: U.S. authorities extradited Xu Zewei from Italy to the United States on 2026-04-27 to face criminal charges tied to alleged Silk Typhoon/Hafnium cyberespionage directed by China's Ministry of State Security. The allegations describe breaches between February 2020 and June 2021, including Microsoft Exchange Server zero-day exploitation beginning in late 2020, web-shell deployment, mailbox access, lateral movement, data exfiltration, and targeting of COVID-19 research organizations for vaccine, treatment, and testing data.
Sources:
- Alleged Silk Typhoon hacker extradited to US for cyberespionage — www.bleepingcomputer.com — 27.04.2026 22:56