Data management software company Commvault has reportedly fallen victim to a cyber attack carried out by a group of Chinese hackers, known as Silk Typhoon, which accessed its enterprise cloud systems and targeted sensitive application secrets belonging to its clients. This information comes from an anonymous source knowledgeable about the situation.
The Cybersecurity and Infrastructure Security Agency (CISA) and Commvault have jointly issued a critical advisory regarding this breach. This marks the first report linking the intrusion to Silk Typhoon, a hacking unit associated with the Chinese government. CISA has indicated that this threat activity could form part of a larger campaign aimed at various SaaS companies’ cloud applications that have default settings and elevated permissions.
Commvault was alerted to unauthorized access to its systems in late February by Microsoft, which noted the involvement of a “nation-state threat actor.” This access came to light because Commvault’s “Metallic” data-protection product operates on Microsoft’s Azure cloud platform.
Silk Typhoon is part of a broader network of Chinese government-backed hacking collectives that Microsoft categorizes under the “Typhoon” label, related to cyber activities tied to Beijing. Over the past year, these units have gained attention for their extensive intrusions into global telecommunications and critical U.S. infrastructure.
In response to the breach, Commvault has contacted the FBI and CISA for assistance. It has reassured clients that the unauthorized access appeared to concern a limited number of customers it shares with Microsoft, and emphasized that there had been no unauthorized access to customer backup data held by the company.
In late April, CISA had also raised concerns over vulnerabilities in Commvault and other products that were being exploited, although it remains unclear if these vulnerabilities relate specifically to Silk Typhoon’s activities.
The breach raises significant concerns regarding the safety of cloud-stored data, including emails, documents, and sensitive customer information. Commvault's extensive client base features major enterprises such as Sony, 3M, Deloitte, and AstraZeneca. The firm also has a strong government services division and achieved GovRAMP authorization in April, reflecting its compliance with stringent security standards for U.S. federal operations.
Microsoft has previously reported that Silk Typhoon is adept at targeting common IT solutions, using stolen credentials for initial access, and then using tools such as Microsoft services for espionage. The group has even intruded into Treasury Department networks in the past year, accessing sensitive systems linked to national security.
Cybersecurity remains a critical focus as experts underscore China’s ongoing cyberespionage threats to the United States, which could pose risks to sensitive data for both governmental and private sectors.
The situation highlights the importance of robust cybersecurity measures in protecting data integrity and presents an opportunity for companies to reinforce their defenses against similar threats in the future.