How much do you trust your cloud? Hackers exploit weakness to target customers – here’s what we know

Chinese hackers found a unique way to target US firms
The method remained largely hidden until now
Hackers are mostly interested in espionage, experts claim

Chinese threat actors known as Murky Panda are abusing the trust businesses have in their cloud providers to break into companies, steal sensitive files, and maintain persistence for additional reconnaissance and espionage.

Security researchers at Crowdstrike have revealed how, since 2023, they have seen at least two cases in which Murky Panda exploited zero-day flaws to break into SaaS providers’ cloud environment.

After breaking in, they analyzed their victim’s cloud environment logic, “enabling them to leverage their access to that software to move laterally to downstream customers.”

Silk Typhoon

So, in essence, this is a third-party cyberattack conducted through a cloud-based service provider. However, the method is unique, and that makes it more successful compared to others, more widely reported ones:

“Due to the activity’s rarity, this initial access vector to a victim’s cloud environment remains relatively undermonitored compared to more prominent initial access vectors such as valid cloud accounts and exploiting public-facing applications,” Crowdstrike explained.

The researchers also said the threat actor has been active since at least 2023, and that its techniques, tactics, and procedures are quite similar to those of Silk Typhoon, a known Chinese state-sponsored group. Since attribution is often tricky, the researchers hint that this could be Silk Typhoon, a partnering group, or a copycat.

Whoever it is, it seems to be focused on cyber-espionage and intelligence-gathering. Most of its targets are in government, technology, academia, legal, and professional services, located primarily in North America.