Cybersecurity and Information Warfare

China's Silk Typhoon Breaches North American Cloud Networks

China’s state-sponsored hacking group Silk Typhoon has intensified cyberattacks on North American cloud networks, exploiting zero-day vulnerabilities in products like Commvault and Citrix NetScaler to access sensitive government and defense data. Since late spring 2025, the group has targeted software-as-a-service providers, technology firms, and legal services through supply chain compromises, using flaws such as CVE-2023-3519 in Citrix Gateway and CVE-2025-3928 in Commvault devices to infiltrate downstream customer environments. CrowdStrike reported over a dozen incidents by August 2025, including abuses of Entra ID permissions and delegated access to enable lateral movement and data exfiltration. U.S. officials link these operations to Beijing’s strategy amid Indo-Pacific tensions, prompting calls for urgent patching, enhanced supply chain security, and multi-factor authentication to mitigate risks to critical infrastructure.
