Cybersecurity experts are warning about Murky Panda, a China-linked hacking group exploiting cloud trust relationships to infiltrate enterprise networks. Known for its 2021 zero-day attacks on Microsoft Exchange, Murky Panda continues to target sectors like government, tech, and legal services in North America.
CrowdStrike reports that the group gains initial access mainly through internet-facing appliances, weaponizing newly disclosed vulnerabilities in them quickly. Microsoft noted a shift in tactics this year, with Murky Panda now targeting IT supply chains. The group also routes its traffic through compromised small office/home office (SOHO) devices so that its activity blends in with ordinary residential and business traffic.
Murky Panda has exploited flaws in Citrix and Commvault products to deploy web shells and CloudedHope, a custom remote access tool with anti-analysis features that help it stay hidden. Its signature tactic is trusted-relationship abuse: rather than attacking a target directly, it compromises a cloud or software supplier and then uses that supplier's legitimate access to customers' cloud tenants to move downstream, where the activity looks like the supplier's normal administration. In one case the group used a supplier's access to backdoor a customer's Entra ID tenant and manipulate email-related services. Defenders should treat partner and vendor access to their tenants (delegated administration, application registrations with consented permissions) as an attack surface and watch what those identities actually do.
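One way to hunt for the pattern described above, persistence planted in a tenant through a supplier's identity, is to scan Entra ID audit logs for operations that grant durable access and keep only those initiated by identities from outside the tenant (partner admin accounts, supplier app registrations). The script below is an added example, not CrowdStrike's or the article's code; the event shape follows Microsoft Graph directoryAudit records (activityDisplayName, initiatedBy, targetResources), the operation names in PERSISTENCE_OPS are a starting list rather than Microsoft's full catalogue, and the sample events and the contoso.example / partner-msp.example domains are constructed.

```python
"""Hunt Entra ID audit logs for persistence planted through a supplier's access.

Added example, not CrowdStrike's or the article's code. Event dicts follow
the general shape of Microsoft Graph directoryAudit records; the activity
names below are an assumption (starting list), and the sample events are
constructed.
"""

# Operations that grant durable access to a tenant. Assumption: a starting
# list, not an exhaustive catalogue.
PERSISTENCE_OPS = {
    "Add user",
    "Add member to role",
    "Add service principal credentials",
    "Update application - Certificates and secrets management",
    "Consent to application",
}

# Identity domains that belong to the monitored tenant (constructed).
HOME_DOMAINS = {"contoso.example"}


def actor_of(event):
    """Return the initiating identity: a UPN for users, 'app:<name>' for apps."""
    ib = event.get("initiatedBy") or {}
    user, app = ib.get("user"), ib.get("app")
    if user:
        return user.get("userPrincipalName") or user.get("id") or ""
    if app:
        return "app:" + (app.get("displayName") or app.get("appId") or "")
    return ""


def is_foreign(actor):
    """Users outside HOME_DOMAINS and all service principals count as foreign.

    Delegated partner admins and supplier app registrations both land here,
    which is exactly the access a trusted-relationship attack rides on.
    """
    if actor.startswith("app:"):
        return True
    if "@" not in actor:
        return True  # bare object id, unknown origin: treat as foreign
    return actor.rsplit("@", 1)[1].lower() not in HOME_DOMAINS


def hunt(events):
    """Return one finding per persistence operation performed by a foreign identity."""
    findings = []
    for ev in events:
        op = ev.get("activityDisplayName", "")
        if op not in PERSISTENCE_OPS:
            continue
        actor = actor_of(ev)
        if not is_foreign(actor):
            continue
        targets = [t.get("displayName") or t.get("id") or "?"
                   for t in ev.get("targetResources", [])]
        findings.append({"time": ev.get("activityDateTime"), "op": op,
                         "actor": actor, "targets": targets})
    return findings


# Constructed sample: two supplier-originated persistence actions, one
# legitimate in-tenant action, and one foreign but non-persistence action.
SAMPLE_EVENTS = [
    {"activityDateTime": "2025-08-01T02:14:00Z", "activityDisplayName": "Add user",
     "initiatedBy": {"user": {"userPrincipalName": "svc-admin@partner-msp.example"}},
     "targetResources": [{"displayName": "backup-sync@contoso.example"}]},
    {"activityDateTime": "2025-08-01T02:20:00Z",
     "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"app": {"displayName": "SupplierSaaS Connector"}},
     "targetResources": [{"displayName": "SupplierSaaS Connector"}]},
    {"activityDateTime": "2025-08-01T09:00:00Z", "activityDisplayName": "Add user",
     "initiatedBy": {"user": {"userPrincipalName": "it-admin@contoso.example"}},
     "targetResources": [{"displayName": "new.hire@contoso.example"}]},
    {"activityDateTime": "2025-08-01T09:05:00Z", "activityDisplayName": "Update user",
     "initiatedBy": {"user": {"userPrincipalName": "svc-admin@partner-msp.example"}},
     "targetResources": [{"displayName": "someone@contoso.example"}]},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['time']} {f['op']!r} by {f['actor']} -> {f['targets']}")
```

Partners do perform legitimate changes, so every hit still needs a change ticket to match against; the point is that a new user or a new secret on an application created by a foreign identity should never pass unreviewed. Because audit logs age out, pair this with a periodic direct review of application-registration credentials and delegated-admin relationships in the tenant.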
Genesis Panda: Cloud Manipulation and Access Brokering
Genesis Panda, another China-affiliated actor, has been active since early 2024. It targets organisations' cloud service provider accounts in 11 countries, focusing on the financial, media and technology sectors. The group exploits web-facing vulnerabilities and uses stolen credentials to move through cloud environments; a recurring step is querying the cloud instance metadata service (IMDS) from a compromised host to harvest the temporary credentials of the role attached to that instance, which it then uses to reach further into the account. Requiring session-token-based metadata access (IMDSv2 on AWS, the Metadata header on Azure and GCP) and alerting on credential fetches from unexpected processes are the practical counters to this step.
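To make the metadata-service step above concrete, here is detection logic that scores outbound requests to the metadata endpoint by three signals: whether the request lacked the provider's required header (meaning IMDSv1-style access is still allowed), whether it came from a hands-on tool such as curl rather than an application SDK, and whether the requesting process was spawned by a shell or web server (the web-shell pattern). This is an added example, not CrowdStrike's or the article's code; the endpoint paths and provider headers are the real ones, while the record layout (one dict per request joined with its process) and the sample telemetry are constructed for the example.

```python
"""Flag suspicious instance-metadata (IMDS) credential fetches in host telemetry.

Added example, not CrowdStrike's or the article's code. Each record is a
simplified, constructed view of one outbound HTTP request joined with the
process that made it; the field names are an assumption for this example.
The endpoint paths and provider headers are the real ones.
"""

METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal", "fd00:ec2::254"}

# Paths under which each provider hands out role / managed-identity credentials.
CREDENTIAL_PATHS = {
    "aws": "/latest/meta-data/iam/security-credentials/",
    "azure": "/metadata/identity/oauth2/token",
    "gcp": "/computeMetadata/v1/instance/service-accounts/",
}

# Header each provider requires so that header-less SSRF cannot reach IMDS.
REQUIRED_HEADER = {
    "aws": "x-aws-ec2-metadata-token",  # IMDSv2 session token (obtained via PUT)
    "azure": "metadata",                # Metadata: true
    "gcp": "metadata-flavor",           # Metadata-Flavor: Google
}

# Processes an SDK would never be, but a hands-on-keyboard operator uses.
LOLBINS = {"curl", "wget", "python3", "perl", "nc"}
# Parents that should not be spawning credential fetches (web-shell pattern).
SUSPECT_PARENTS = {"sh", "bash", "nginx", "apache2", "httpd", "php-fpm", "tomcat"}


def provider_for(path):
    """Map a request path to the provider whose credential endpoint it hits."""
    for name, prefix in CREDENTIAL_PATHS.items():
        if path.startswith(prefix):
            return name
    return None


def assess(rec):
    """Return (severity, reasons) for one request, or None if it looks benign."""
    if rec["dst"] not in METADATA_HOSTS:
        return None
    prov = provider_for(rec["path"])
    if prov is None:  # instance-id, hostname etc. are not credentials
        return None
    headers = {k.lower() for k in rec.get("headers", {})}
    reasons = []
    if REQUIRED_HEADER[prov] not in headers:
        reasons.append(f"{prov} credential path fetched without the "
                       f"{REQUIRED_HEADER[prov]} header (IMDSv1-style access still allowed)")
    if rec["comm"] in LOLBINS:
        reasons.append(f"fetched by {rec['comm']} rather than an application SDK")
    if rec.get("parent_comm") in SUSPECT_PARENTS:
        reasons.append(f"requesting process was spawned by {rec['parent_comm']}")
    if not reasons:
        return None
    return ("high" if len(reasons) >= 2 else "medium"), reasons


def hunt(records):
    """Return [(ts, comm, severity, reasons)] for every record worth a look."""
    hits = []
    for rec in records:
        verdict = assess(rec)
        if verdict:
            hits.append((rec["ts"], rec["comm"], verdict[0], verdict[1]))
    return hits


# Constructed telemetry. Record 1: the application's SDK refreshing its role
# credentials over IMDSv2, spawned by the init system. Record 2: a web-shell
# operator pulling the same credentials by hand. Record 3: a script using a
# managed identity correctly but outside an SDK. Record 4: a read of the
# instance ID only.
SAMPLE = [
    {"ts": "2025-08-01T01:00:00Z", "comm": "java", "parent_comm": "systemd",
     "dst": "169.254.169.254", "path": "/latest/meta-data/iam/security-credentials/app-role",
     "headers": {"X-aws-ec2-metadata-token": "AQAA..."}},
    {"ts": "2025-08-01T01:07:13Z", "comm": "curl", "parent_comm": "bash",
     "dst": "169.254.169.254", "path": "/latest/meta-data/iam/security-credentials/app-role",
     "headers": {"User-Agent": "curl/8.5.0"}},
    {"ts": "2025-08-01T01:09:00Z", "comm": "python3", "parent_comm": "systemd",
     "dst": "169.254.169.254", "path": "/metadata/identity/oauth2/token",
     "headers": {"Metadata": "true"}},
    {"ts": "2025-08-01T01:10:00Z", "comm": "curl", "parent_comm": "bash",
     "dst": "169.254.169.254", "path": "/latest/meta-data/instance-id", "headers": {}},
]

if __name__ == "__main__":
    for ts, comm, sev, reasons in hunt(SAMPLE):
        print(ts, comm, sev, "; ".join(reasons))
```

The header signal is the cheapest win: once IMDSv2 (or the equivalent header requirement) is enforced at the instance level, the first reason can never fire, and any remaining hit is a process on the host that chose to fetch credentials outside the application's normal SDK path.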
Glacial Panda: Telecom Sector Under Siege
Glacial Panda has stepped up attacks on telecommunications firms, with a 130% rise in activity over the past year. Operating across Asia, Africa and the Americas, it focuses on Linux systems and legacy infrastructure. The group breaches servers through known, long-patched vulnerabilities and weak passwords, then escalates to root with old local privilege-escalation bugs such as Dirty COW (CVE-2016-5195) and PwnKit (CVE-2021-4034); that these still work says more about the age of the targeted systems than about the actor's sophistication.
Glacial Panda then installs trojanized OpenSSH components, tracked as ShieldSlide, which capture credentials from SSH logins and give the actor persistent backdoor access that survives normal administration. These intrusions are assessed to support intelligence collection.
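A first-pass check for the trojanized-OpenSSH tradecraft described above is to ask the package manager whether the installed SSH binaries still match what it shipped, and to rank the drift. The script below is an added example, not CrowdStrike's or the article's tooling: it parses the line format shared by `rpm -Va` and `dpkg --verify` (a 9-character attribute string or the word `missing`, an optional file-type letter, then the path) and reports OpenSSH files whose digest, size or mode no longer match the package database. The list of binary paths assumes Debian- and RHEL-style layouts, and the two verification samples are constructed.

```python
"""Triage package-verification output for tampered OpenSSH components.

Added example, not CrowdStrike's or the article's tooling. Parses `rpm -Va`
and `dpkg --verify` lines and reports OpenSSH files whose digest, size or
mode no longer match the package database. Binary paths assume Debian- and
RHEL-style layouts; the samples at the bottom are constructed.
"""
import re
import sys

# rpm columns: S M 5 D L U G T P (size, mode, digest, device, link, user,
# group, mtime, capabilities). dpkg prints the same layout with '?' for
# attributes it does not check.
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{9}|missing)\s+(?:(?P<ftype>[cdglr])\s+)?(?P<path>/\S+)")

# Binaries an SSH credential-stealing implant typically replaces (assumption:
# Debian- and RHEL-style paths; extend for other layouts).
SSH_BINARIES = {
    "/usr/sbin/sshd", "/usr/bin/ssh", "/usr/bin/scp", "/usr/bin/sftp",
    "/usr/bin/ssh-agent", "/usr/bin/ssh-add", "/usr/bin/ssh-keygen",
    "/usr/lib/openssh/sftp-server", "/usr/libexec/openssh/sftp-server",
    "/usr/libexec/openssh/ssh-keysign", "/usr/lib/openssh/ssh-keysign",
}


def parse_verify(text):
    """Yield (flags, ftype, path) for each verification line that parses."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.group("flags"), m.group("ftype"), m.group("path")


def tampered_ssh(text):
    """Return [(path, what_changed, confidence)] for OpenSSH files worth a look.

    mtime drift alone ('T') is ignored: upgrades and relinking touch it.
    Config files under /etc/ssh change legitimately, so they rank low; a
    replaced binary (digest) ranks high; size or mode drift alone ranks medium.
    """
    findings = []
    for flags, ftype, path in parse_verify(text):
        is_config = ftype == "c" or path.startswith("/etc/ssh/")
        if path not in SSH_BINARIES and not is_config:
            continue
        if flags == "missing":
            findings.append((path, "missing", "high"))
            continue
        changed = [name for name, idx in (("size", 0), ("mode", 1), ("digest", 2))
                   if flags[idx] not in ".?"]
        if not changed:
            continue
        if is_config:
            confidence = "low"
        elif "digest" in changed:
            confidence = "high"
        else:
            confidence = "medium"
        findings.append((path, "+".join(changed), confidence))
    return findings


# Constructed `rpm -Va` output: sshd replaced, ssh only re-timestamped,
# sshd_config edited, ssh-keygen deleted, scp setuid-ish mode change, and an
# unrelated binary that should be ignored here.
RPM_SAMPLE = """\
S.5....T.    /usr/sbin/sshd
.......T.    /usr/bin/ssh
S.5....T.  c /etc/ssh/sshd_config
missing     /usr/bin/ssh-keygen
.M.......    /usr/bin/scp
S.5....T.    /usr/bin/vim
"""

# Constructed `dpkg --verify` output for the same kind of drift.
DPKG_SAMPLE = """\
??5??????   /usr/bin/ssh
??5?????? c /etc/ssh/ssh_config
??5??????   /usr/lib/openssh/sftp-server
"""

if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else RPM_SAMPLE
    for path, what, confidence in tampered_ssh(text):
        print(f"{confidence:6} {what:12} {path}")
```

Feed it with `rpm -Va openssh-server openssh-clients | python3 ssh_triage.py` or `dpkg --verify openssh-server openssh-client | python3 ssh_triage.py`. Two caveats: the package database is root-writable, so a clean result is not proof of a clean host, and a flagged binary should be compared against the digest of a fresh copy of the package from the distribution mirror rather than the local database. Once a replaced sshd is confirmed, rebuild the host and rotate every credential that logged in through it; "cleaning" a backdoored SSH in place leaves the captured passwords in the attacker's hands.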