China-linked ‘Silk Typhoon’ hackers accessed Commvault cloud environments, person familiar says

Data management software firm Commvault was compromised by Chinese hackers that accessed the firm’s enterprise cloud systems and targeted its customers’ application secrets, according to a person with knowledge of the matter. 

The hacking unit responsible for the intrusions is known as Silk Typhoon, said the person, who was granted anonymity to be candid about non-public details surrounding the breach. On Thursday, the Cybersecurity and Infrastructure Security Agency and Commvault released a critical joint advisory about the hacking activity. The intrusion’s connection to Silk Typhoon has not been previously reported.

In the advisory, CISA said it believes “the threat activity may be part of a larger campaign targeting various SaaS companies’ cloud applications with default configurations and elevated permissions.”

In late February, Microsoft notified Commvault about unauthorized access into its systems from a “nation-state threat actor” that was spotted because Commvault’s “Metallic” data-protection product is hosted in ...