Chinese Hackers Boost Cloud Espionage

August 22, 2025
in Alerts

The Chinese cyber espionage group Murky Panda, also tracked as Silk Typhoon, has added a new tactic to its playbook: abusing trusted cloud relationships to reach enterprise networks. The group gains initial access by exploiting vulnerabilities in internet-facing appliances and then uses its custom malware, CloudedHope, to maintain a covert presence for intelligence gathering.

Murky Panda, a sophisticated Chinese cyber espionage group, is drawing renewed attention from security researchers for its advanced and evolving tradecraft. Tracked by Microsoft as Silk Typhoon, the group has a history of high-profile operations, most notably the 2021 zero-day exploitation of Microsoft Exchange Server flaws. Its operations focus on intelligence gathering and target a wide range of organizations in North America, including the government, technology, academic, legal, and professional services sectors. What sets Murky Panda apart is how quickly it weaponizes both newly disclosed (zero-day) and already patched (N-day) vulnerabilities to gain initial access.

Murky Panda's initial access methods are varied and opportunistic. The group frequently exploits internet-facing appliances and has a demonstrated preference for known flaws in products such as Citrix NetScaler ADC (CVE-2023-3519) and Commvault (CVE-2025-3928). Once inside a network, it typically deploys a web shell such as neo-reGeorg, a tunneling web shell that proxies the attacker's traffic through the compromised server, to establish a foothold and maintain persistence. In some intrusions the group routes its traffic through compromised small office/home office (SOHO) devices located in the targeted country and uses them as exit nodes. Because the malicious traffic then appears to originate from an ordinary domestic residential connection, geolocation-based blocking and IP allowlists offer little protection, and forensic analysis and attribution become harder.

A particularly alarming aspect of Murky Panda's latest tradecraft is its abuse of trusted relationships within cloud ecosystems. Instead of attacking a target directly, the group compromises a third-party supplier or partner that already holds administrative access to the victim's cloud environment. By exploiting zero-day vulnerabilities in a SaaS provider's cloud, it can then move laterally into the provider's downstream customers. In one documented case, Murky Panda breached a supplier to a North American entity and used the supplier's administrative privileges to create a temporary backdoor account in the victim's Entra ID tenant. From that account the attackers compromised pre-existing service principals and used them to access sensitive data, such as email. Because the victim never saw an exploit against its own perimeter, much of the evidence lives in the tenant's own audit trail: a user created by an external initiator, a credential added to an existing service principal, and the account deleted again once it was no longer needed.
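The backdoor-account chain above can be hunted in the tenant's audit log. The following is an added example written for this page, not code from CyberMaterial or from the researchers who reported the campaign: it correlates a user created by an initiator outside the tenant's own domains with that user subsequently adding credentials to a service principal, and notes whether the account was deleted afterwards. The events are constructed and follow a simplified version of the Microsoft Graph directoryAudits record shape; the tenant domains, the 24-hour window, and the activity names (which should be checked against a real tenant's logs) are assumptions.

```python
"""Hunt Entra ID audit records for a third-party-created account that then
touches service principal credentials (the supplier-to-tenant backdoor chain).

Added example, not CyberMaterial's or CrowdStrike's code. Records are constructed
and use a simplified Microsoft Graph directoryAudits shape.
"""
import json
from datetime import datetime, timedelta, timezone

# Assumption: the victim tenant's own verified domains. Any directory write by an
# initiator outside these domains is treated as third-party (partner) activity.
TENANT_DOMAINS = {"victim.example"}

# Assumption: activity names as they appear in Entra audit logs; verify per tenant.
CREDENTIAL_ACTIVITIES = {
    "Add service principal credentials",
    "Update application – Certificates and secrets management",
}

# Constructed sample events (simplified directoryAudits records, sorted later).
SAMPLE_EVENTS = [
    {"activityDateTime": "2025-06-01T09:02:10Z", "activityDisplayName": "Add user",
     "initiatedBy": {"user": {"userPrincipalName": "admin@supplier.example"}},
     "targetResources": [{"type": "User", "userPrincipalName": "svc-backup@victim.example"}]},
    {"activityDateTime": "2025-06-01T09:05:44Z", "activityDisplayName": "Add member to role",
     "initiatedBy": {"user": {"userPrincipalName": "admin@supplier.example"}},
     "targetResources": [{"type": "User", "userPrincipalName": "svc-backup@victim.example"}]},
    {"activityDateTime": "2025-06-01T09:41:03Z", "activityDisplayName": "Add service principal credentials",
     "initiatedBy": {"user": {"userPrincipalName": "svc-backup@victim.example"}},
     "targetResources": [{"type": "ServicePrincipal", "displayName": "mail-archiver"}]},
    {"activityDateTime": "2025-06-02T01:12:59Z", "activityDisplayName": "Delete user",
     "initiatedBy": {"user": {"userPrincipalName": "admin@supplier.example"}},
     "targetResources": [{"type": "User", "userPrincipalName": "svc-backup@victim.example"}]},
    # Benign noise: an internal admin creating a user with no follow-on credential activity.
    {"activityDateTime": "2025-06-01T10:00:00Z", "activityDisplayName": "Add user",
     "initiatedBy": {"user": {"userPrincipalName": "it-admin@victim.example"}},
     "targetResources": [{"type": "User", "userPrincipalName": "newhire@victim.example"}]},
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _initiator(ev):
    return ev.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "").lower()


def is_third_party(upn):
    """True when the UPN's domain is not one of the tenant's own domains."""
    return "@" in upn and upn.rsplit("@", 1)[1].lower() not in TENANT_DOMAINS


def find_backdoor_chains(events, window=timedelta(hours=24)):
    """Return one finding per account that a third-party initiator created and that
    then added service principal credentials within `window` of its creation."""
    events = sorted(events, key=lambda e: _ts(e["activityDateTime"]))
    created = {}    # new account UPN -> (third-party creator UPN, creation time)
    deleted = set()  # UPNs removed again later (the "temporary" in temporary backdoor)
    for ev in events:
        actor = _initiator(ev)
        for tgt in ev.get("targetResources", []):
            if tgt.get("type") != "User":
                continue
            upn = tgt.get("userPrincipalName", "").lower()
            if ev["activityDisplayName"] == "Add user" and is_third_party(actor):
                created[upn] = (actor, _ts(ev["activityDateTime"]))
            elif ev["activityDisplayName"] == "Delete user":
                deleted.add(upn)

    findings = []
    for ev in events:
        actor = _initiator(ev)
        if ev["activityDisplayName"] not in CREDENTIAL_ACTIVITIES or actor not in created:
            continue
        creator, t_created = created[actor]
        t_cred = _ts(ev["activityDateTime"])
        if not timedelta(0) <= t_cred - t_created <= window:
            continue
        findings.append({
            "backdoor_account": actor,
            "created_by": creator,
            "minutes_after_creation": int((t_cred - t_created).total_seconds() // 60),
            "service_principals": [t.get("displayName", "?") for t in ev["targetResources"]
                                   if t.get("type") == "ServicePrincipal"],
            "account_later_deleted": actor in deleted,
        })
    return findings


if __name__ == "__main__":
    print(json.dumps(find_backdoor_chains(SAMPLE_EVENTS), indent=2))
```

In production the records come from the Graph API or a SIEM export rather than an inline list. Partner actions taken through delegated administration may carry the partner's own identity, which is exactly why any initiator outside the tenant's domains is treated as third party here; do not narrow the window too far, because the page only says the account was temporary, not that it was used within minutes.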

To run its espionage, Murky Panda uses a custom remote access tool (RAT) called CloudedHope, a 64-bit Linux ELF binary written in Go, a language malware authors increasingly favor because one codebase compiles for many platforms. CloudedHope is not a simple RAT: it includes anti-analysis and operational security (OPSEC) measures. It can, for example, modify file timestamps (timestomping) and delete indicators of its presence to evade security tooling and hinder incident responders. This level of OPSEC lets the group stay stealthy and persistent inside victim networks, prolonging its intelligence-gathering operations.
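Timestomping is detectable on Linux because utime(2) lets a process set atime and mtime but never ctime, which the kernel sets to the current time on every inode change, including the timestomp itself. The snippet below is an added example, not CyberMaterial's or the CloudedHope authors' code: it backdates a file the way a RAT's OPSEC routine would and then finds it by looking for files whose ctime is much newer than their mtime. The scratch directory, file names and one-hour threshold are assumptions.

```python
"""Find timestomped files on Linux by comparing mtime with ctime.

Added example, not code from CyberMaterial or from the CloudedHope sample.
utime(2) can set atime/mtime but not ctime; the kernel bumps ctime on the
utime call itself, so a backdated file ends up with ctime far newer than mtime.
"""
import os
import tempfile
import time


def timestomp(path, epoch):
    """Backdate atime and mtime, as a RAT's OPSEC routine would. ctime is not settable."""
    os.utime(path, (epoch, epoch))


def mtime_ctime_gap(path):
    """Seconds by which ctime is newer than mtime (about zero for an untouched file)."""
    st = os.stat(path)
    return st.st_ctime - st.st_mtime


def find_suspicious(root, min_gap_seconds=3600):
    """Walk `root` and return [(path, gap)] for regular files whose ctime is more than
    `min_gap_seconds` newer than their mtime, largest gap first. Assumed threshold."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            if os.path.islink(p) or not os.path.isfile(p):
                continue
            gap = mtime_ctime_gap(p)
            if gap > min_gap_seconds:
                hits.append((p, gap))
    return sorted(hits, key=lambda h: -h[1])


def demo():
    """Build a scratch tree with one normal and one timestomped file (constructed
    sample data) and return (root, detections)."""
    root = tempfile.mkdtemp(prefix="stomp-")
    normal = os.path.join(root, "notes.txt")
    stomped = os.path.join(root, ".cache", "ld.so.preload.bak")  # assumed implant name
    os.makedirs(os.path.dirname(stomped))
    for p in (normal, stomped):
        with open(p, "w") as f:
            f.write("x")
    # Backdate the implant to 2019 so it blends in with old system files.
    timestomp(stomped, time.mktime((2019, 3, 14, 9, 26, 53, 0, 0, -1)))
    return root, find_suspicious(root)


if __name__ == "__main__":
    root, hits = demo()
    for path, gap in hits:
        print(f"{path}: ctime is {gap / 86400:.0f} days newer than mtime")
```

Expect false positives: package managers, tar extraction and chmod/chown also leave mtime older than ctime, so treat the gap as a triage signal and confirm with content analysis or file-system journal evidence. Forging ctime itself requires changing the system clock or writing to the raw device, both of which leave their own traces.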

Murky Panda's activity underscores a critical and evolving threat to modern enterprises. Organizations must look beyond traditional perimeter defenses and secure their entire digital supply chain, including their relationships with third-party vendors and cloud service providers. Adding cloud trust abuse to its existing exploitation of internet-facing appliances means businesses need to re-evaluate their security posture: a partner's delegated administrative access is an attack path into the tenant whether or not the partner's own security is sound. Stronger identity and access management controls, regular auditing of third-party and delegated cloud access, alerting on new service principal credentials, and continuous monitoring for unusual activity are essential. This proactive approach is vital to defend against sophisticated adversaries like Murky Panda, who constantly adapt their methods to bypass security measures and achieve their intelligence-driven objectives.
