When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

Subsequent investigation uncovered these two flaws, which the company later patched.

Attacks on the Treasury Department

The bugs are tracked as CVE-2024-12686, and CVE-2024-12356.

A digital themed isometric showing a neon padlock in the foreground, and a technological diagram of a processor logic board in the background.

It was given a 9.8 severity score (critical).

CVE-2024-12356 was added to KEV on December 19, while CVE-2024-12686 on January 13.

Silk Typhoon is perhaps best known for targeting some 68,500 servers in early 2021 usingMicrosoftExchange Server ProxyLogon zero-days.