Murky Panda hackers exploit cloud trust to hack downstream customers

What’s new
The Chinese hacking group Murky Panda (also known as Silk Typhoon) is exploiting trusted relationships in cloud environments to gain access to the networks and data of downstream customers. The group has been linked to various cyberespionage campaigns and is known for targeting government, technology, academic, legal, and professional services organizations in North America. Recent tactics include compromising cloud service providers to abuse their built-in administrative access, which lets the group pivot into customer environments and steal sensitive data.
Who’s affected
Organizations that utilize SaaS and cloud providers, particularly in government, technology, legal, and professional services sectors, are at risk. The group has targeted entities like the U.S. Treasury’s Office of Foreign Assets Control and the Committee on Foreign Investment.
What to do
- Monitor for unusual Entra ID service principal sign-ins.
- Enforce multi-factor authentication for cloud provider accounts.
- Regularly review and monitor Entra ID logs.
- Promptly patch cloud-facing infrastructure.
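
As an added example (not from the original article), here is one way to approach the first item: baseline each service principal's source IPs and target resources, then flag sign-ins that fall outside that baseline. The field names are assumed to match the Microsoft Graph signIn resource, and the log records, service principal names and cutoff date are constructed for illustration.

```python
import json
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records (not real telemetry). Field names are assumed to
# follow the Microsoft Graph signIn resource for service principal sign-ins.
SAMPLE_LOG = """
{"createdDateTime":"2025-08-01T02:10:00Z","servicePrincipalId":"sp-backup","servicePrincipalName":"backup-connector","ipAddress":"198.51.100.10","resourceDisplayName":"Microsoft Graph"}
{"createdDateTime":"2025-08-02T11:00:00Z","servicePrincipalId":"sp-ci","servicePrincipalName":"ci-deployer","ipAddress":"192.0.2.20","resourceDisplayName":"Azure Resource Manager"}
{"createdDateTime":"2025-08-03T02:10:00Z","servicePrincipalId":"sp-backup","servicePrincipalName":"backup-connector","ipAddress":"198.51.100.10","resourceDisplayName":"Microsoft Graph"}
{"createdDateTime":"2025-08-10T02:10:00Z","servicePrincipalId":"sp-backup","servicePrincipalName":"backup-connector","ipAddress":"198.51.100.10","resourceDisplayName":"Microsoft Graph"}
{"createdDateTime":"2025-08-11T03:14:00Z","servicePrincipalId":"sp-backup","servicePrincipalName":"backup-connector","ipAddress":"203.0.113.77","resourceDisplayName":"Office 365 Exchange Online"}
{"createdDateTime":"2025-08-11T09:30:00Z","servicePrincipalId":"sp-new","servicePrincipalName":"partner-sync","ipAddress":"192.0.2.50","resourceDisplayName":"Microsoft Graph"}
"""
CUTOFF = datetime(2025, 8, 8, tzinfo=timezone.utc)  # baseline ends, detection starts

def parse(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def find_unusual(events, cutoff):
    """Flag post-cutoff sign-ins from an IP, or to a resource, never seen in
    the baseline for that service principal, or from one with no baseline."""
    seen_ip, seen_res, alerts = defaultdict(set), defaultdict(set), []
    for e in sorted(events, key=lambda ev: ev["createdDateTime"]):
        sp, ip, res = e["servicePrincipalId"], e["ipAddress"], e["resourceDisplayName"]
        ts = datetime.fromisoformat(e["createdDateTime"].replace("Z", "+00:00"))
        if ts < cutoff:  # baseline window: learn, do not alert
            seen_ip[sp].add(ip)
            seen_res[sp].add(res)
            continue
        reasons = []
        if sp not in seen_ip:
            reasons.append("no baseline for service principal")
        else:
            if ip not in seen_ip[sp]:
                reasons.append("new source IP")
            if res not in seen_res[sp]:
                reasons.append("new target resource")
        if reasons:
            alerts.append((e["createdDateTime"], e["servicePrincipalName"], ip, reasons))
    return alerts

if __name__ == "__main__":
    for alert in find_unusual(parse(SAMPLE_LOG), CUTOFF):
        print(alert)
```

In practice the baseline window should be long enough to cover scheduled jobs, and alerts for service principals with no baseline are worth reviewing against recent app registrations and consent grants.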