What’s new: The China-nexus hacking group Murky Panda (also tracked as Silk Typhoon) is abusing trusted relationships in cloud environments to reach downstream customers’ networks. The group has been linked to a series of cyberespionage campaigns and is known for targeting government, technology, and professional services organizations. Its recent tradecraft includes compromising cloud service providers and then using the administrative access those providers hold over customer tenants to pivot into customer environments and steal sensitive data.
Who’s affected
Organizations in North America, particularly in the government, technology, academic, legal, and professional services sectors, are at risk. The group has previously targeted entities such as the U.S. Treasury’s Office of Foreign Assets Control, and has gained initial access by exploiting vulnerabilities in internet-facing products such as Citrix NetScaler and Microsoft Exchange.
What to do
- Monitor Entra ID service principal sign-ins for deviations from their normal pattern: new source IP addresses, access to resources the application has never touched before, and applications that have never signed in at all. Service principals do not prompt for MFA, so a stolen application credential is only visible in this telemetry.
- Enforce multi-factor authentication on all accounts your cloud and service providers use to reach your environment, and review which provider accounts hold delegated administrative access to your tenant; remove any that are no longer needed.
- Review Entra ID sign-in and audit logs regularly, and retain them long enough to reconstruct a slow-moving intrusion rather than only the last few days.
- Promptly patch internet-facing infrastructure (the Citrix NetScaler and Microsoft Exchange exposures above are the kind this group exploits) to close the initial-access routes that precede the cloud pivot.
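The first two checks above can be expressed as a baseline-and-deviation rule over service principal sign-in records. The following is an added example written for this brief, not code from the original page or from any vendor; the column names follow the AADServicePrincipalSignInLogs table that Entra ID diagnostic settings export to Log Analytics, but every record below is constructed for illustration (the IP addresses are documentation ranges and the service principal IDs are made up). It learns each application’s usual source IPs and target resources from a baseline window, then flags later successful sign-ins from a new IP, to a new resource, or by an application that was never seen at all:

```python
"""Baseline-and-deviation check for Entra ID service principal sign-ins.

Added example, not part of the original brief. Column names follow the
AADServicePrincipalSignInLogs table; the records are constructed, not real
telemetry.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records. ResultType "0" is a successful sign-in.
SAMPLE_LOGS = [
    # Baseline week: a backup vendor's app reads Microsoft Graph from one IP,
    # a mail-archiving app reads Exchange Online from another.
    {"TimeGenerated": "2025-08-01T02:10:00Z", "ServicePrincipalId": "sp-backup-001",
     "ServicePrincipalName": "BackupVendorApp", "IPAddress": "203.0.113.10",
     "ResourceDisplayName": "Microsoft Graph", "ResultType": "0"},
    {"TimeGenerated": "2025-08-03T02:10:00Z", "ServicePrincipalId": "sp-backup-001",
     "ServicePrincipalName": "BackupVendorApp", "IPAddress": "203.0.113.10",
     "ResourceDisplayName": "Microsoft Graph", "ResultType": "0"},
    {"TimeGenerated": "2025-08-02T04:00:00Z", "ServicePrincipalId": "sp-mail-002",
     "ServicePrincipalName": "MailArchiveApp", "IPAddress": "198.51.100.5",
     "ResourceDisplayName": "Office 365 Exchange Online", "ResultType": "0"},
    # After the baseline: the vendor app is used from a new IP, reaches into
    # Exchange Online, and a never-seen app appears from that same IP.
    {"TimeGenerated": "2025-08-09T02:10:00Z", "ServicePrincipalId": "sp-backup-001",
     "ServicePrincipalName": "BackupVendorApp", "IPAddress": "203.0.113.10",
     "ResourceDisplayName": "Microsoft Graph", "ResultType": "0"},
    {"TimeGenerated": "2025-08-09T11:42:00Z", "ServicePrincipalId": "sp-backup-001",
     "ServicePrincipalName": "BackupVendorApp", "IPAddress": "192.0.2.44",
     "ResourceDisplayName": "Microsoft Graph", "ResultType": "0"},
    {"TimeGenerated": "2025-08-09T11:43:30Z", "ServicePrincipalId": "sp-backup-001",
     "ServicePrincipalName": "BackupVendorApp", "IPAddress": "192.0.2.44",
     "ResourceDisplayName": "Office 365 Exchange Online", "ResultType": "0"},
    {"TimeGenerated": "2025-08-09T11:50:00Z", "ServicePrincipalId": "sp-sync-003",
     "ServicePrincipalName": "PartnerPortalSync", "IPAddress": "192.0.2.44",
     "ResourceDisplayName": "Microsoft Graph", "ResultType": "0"},
    # A failed sign-in (bad client secret) is ignored: no token was issued.
    {"TimeGenerated": "2025-08-09T11:51:00Z", "ServicePrincipalId": "sp-sync-003",
     "ServicePrincipalName": "PartnerPortalSync", "IPAddress": "192.0.2.44",
     "ResourceDisplayName": "Microsoft Graph", "ResultType": "7000215"},
]


def parse_ts(value):
    """Parse the UTC ISO-8601 timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_baseline(logs, baseline_end):
    """Per service principal: source IPs and target resources seen in
    successful sign-ins strictly before baseline_end."""
    baseline = defaultdict(lambda: {"ips": set(), "resources": set()})
    for rec in logs:
        if rec["ResultType"] != "0" or parse_ts(rec["TimeGenerated"]) >= baseline_end:
            continue
        entry = baseline[rec["ServicePrincipalId"]]
        entry["ips"].add(rec["IPAddress"])
        entry["resources"].add(rec["ResourceDisplayName"])
    return dict(baseline)


def detect_deviations(logs, baseline, baseline_end):
    """Flag successful sign-ins at or after baseline_end that come from an
    unknown principal, a new source IP for that principal, or a resource the
    principal has not accessed before. One alert per deviating record."""
    alerts = []
    for rec in sorted(logs, key=lambda r: r["TimeGenerated"]):
        if rec["ResultType"] != "0" or parse_ts(rec["TimeGenerated"]) < baseline_end:
            continue
        sp = rec["ServicePrincipalId"]
        known = baseline.get(sp)
        reasons = []
        if known is None:
            reasons.append("service principal not seen in baseline")
        else:
            if rec["IPAddress"] not in known["ips"]:
                reasons.append(f"new source IP {rec['IPAddress']}")
            if rec["ResourceDisplayName"] not in known["resources"]:
                reasons.append(f"first access to {rec['ResourceDisplayName']}")
        if reasons:
            alerts.append({"time": rec["TimeGenerated"], "sp": sp,
                           "name": rec["ServicePrincipalName"],
                           "ip": rec["IPAddress"], "reasons": reasons})
    return alerts


def run_example(baseline_end="2025-08-08T00:00:00Z"):
    """Baseline on the first week of SAMPLE_LOGS, then evaluate the rest."""
    end = parse_ts(baseline_end)
    return detect_deviations(SAMPLE_LOGS, build_baseline(SAMPLE_LOGS, end), end)


if __name__ == "__main__":
    for alert in run_example():
        print(alert["time"], alert["name"], alert["ip"], "; ".join(alert["reasons"]))
```

On the sample data this raises three alerts: the vendor app from the new IP, the same app’s first-ever access to Exchange Online, and a brand-new application signing in from that IP. The obvious caveat is that the baseline only helps if it predates the compromise: a provider that was already abused during the learning window looks normal, so pair this check with a review of which partner accounts and applications hold administrative access in the first place, and feed it a baseline window long enough to cover the application’s legitimate variety.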