Hafnium (group)

Hafnium (sometimes styled HAFNIUM; also called Silk Typhoon by Microsoft[1]) is a cyber espionage group, sometimes known as an advanced persistent threat, with alleged ties to the Chinese government.[3][4]

According to Microsoft, they are based in China but primarily use United States–based virtual private servers,[6] and have targeted "infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs".[7]

In July 2021, UK foreign secretary Dominic Raab said the attack had been performed by "Chinese state-backed groups" linked to the Ministry of State Security (MSS).[5]

Hafnium was linked to the creation of Tarrask, a defense evasion malware used in previous attacks.

The malware uses scheduled task abuse to hide payloads delivered to servers.