Cybersecurity experts have identified a China-linked cyber espionage group, Murky Panda, exploiting cloud trust relationships and vulnerabilities to target government and enterprise networks. The group's tactics include weaponizing zero-day vulnerabilities, deploying custom malware, and exploiting supply chains to gather intelligence. #MurkyPanda #CloudSecurity #EntraID #ZeroDayVulnerabilities
Key points
- Murky Panda is known for exploiting Microsoft Exchange Server flaws and abusing trusted cloud relationships.
- The group uses web shells and custom malware, like CloudedHope, for persistence and covert access.
- They frequently target SaaS providers and compromise partner organizations to access downstream victims.
- Genesis Panda, another China-linked actor, exploits cloud vulnerabilities for intelligence activities across multiple sectors.
- Glacial Panda focuses on telecommunications, using known bugs and trojanized SSH to exfiltrate data and maintain access.
Read More: https://thehackernews.com/2025/08/chinese-hackers-murky-genesis-and.html