Murky Panda hackers exploit cloud trust to hack downstream customers

What’s new: The Chinese hacking group Murky Panda (also known as Silk Typhoon) is exploiting trusted relationships in cloud environments to gain access to downstream customers’ networks. The group has been linked to various cyberespionage campaigns and is known for targeting government, technology, academic, legal, and professional services organizations in North America. Recent tactics include compromising cloud service providers, abusing their administrative access, and pivoting into customer environments.

Who’s affected

Organizations that use SaaS and cloud services, particularly in the government, technology, legal, and professional services sectors, are at significant risk because Murky Panda exploits trusted cloud relationships.

What to do

  • Monitor for unusual Entra ID service principal sign-ins.
  • Enforce multi-factor authentication for cloud provider accounts.
  • Regularly review and monitor Entra ID logs.
  • Promptly patch cloud-facing infrastructure.
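
One way to act on the two Entra ID monitoring items above, as an added example that is not from the original brief: compare recent service principal sign-ins against each principal's own history and flag new source addresses, locations, or target resources. It assumes records exported with the field names of the AADServicePrincipalSignInLogs table; the principal names, timestamps, and addresses are constructed sample data.

```python
from collections import defaultdict

def rec(ts, sp, ip, loc, resource, result="0"):
    """One constructed record using AADServicePrincipalSignInLogs field names."""
    return {"TimeGenerated": ts, "ServicePrincipalName": sp, "IPAddress": ip,
            "Location": loc, "ResourceDisplayName": resource, "ResultType": result}

# Constructed sample data: documentation IP ranges, made-up principal names.
BASELINE = [
    rec("2025-08-01T02:00:11Z", "csp-backup-agent", "192.0.2.10", "US", "Azure Storage"),
    rec("2025-08-02T02:00:09Z", "csp-backup-agent", "192.0.2.10", "US", "Azure Storage"),
    rec("2025-08-02T09:14:40Z", "hr-sync", "198.51.100.5", "US", "Microsoft Graph"),
]
RECENT = [
    rec("2025-08-09T02:00:10Z", "csp-backup-agent", "192.0.2.10", "US", "Azure Storage"),
    rec("2025-08-09T03:41:55Z", "csp-backup-agent", "203.0.113.77", "NL", "Microsoft Graph"),
    rec("2025-08-09T03:50:02Z", "hr-sync", "203.0.113.77", "NL", "Microsoft Graph", "7000215"),
    rec("2025-08-09T04:05:31Z", "legacy-reporting", "198.51.100.5", "US", "Microsoft Graph"),
]

# Attribute compared against each principal's history -> reason tag.
FIELDS = {"IPAddress": "new_ip", "Location": "new_location",
          "ResourceDisplayName": "new_resource"}

def flag_unusual_signins(baseline, recent):
    """Return (record, reasons) for recent sign-ins that deviate from the baseline."""
    seen = defaultdict(lambda: defaultdict(set))
    for r in baseline:
        if r["ResultType"] == "0":  # learn only from successful sign-ins
            for field in FIELDS:
                seen[r["ServicePrincipalName"]][field].add(r[field])
    findings = []
    for r in recent:
        sp = r["ServicePrincipalName"]
        if sp not in seen:
            reasons = ["principal_without_history"]
        else:
            reasons = [tag for field, tag in FIELDS.items()
                       if r[field] not in seen[sp][field]]
        if reasons and r["ResultType"] != "0":  # non-zero ResultType = failure
            reasons.append("failed")
        if reasons:
            findings.append((r, reasons))
    return findings

if __name__ == "__main__":
    for r, reasons in flag_unusual_signins(BASELINE, RECENT):
        print(r["TimeGenerated"], r["ServicePrincipalName"], r["IPAddress"], ",".join(reasons))
```

A baseline window that is too short makes routine provider maintenance look new, so size it to cover the provider's normal change cadence before alerting on the output.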
