MURKY PANDA: A Trusted-Relationship Threat in the Cloud

Blog post from CrowdStrike

Post Details
Company
Date Published
Author
MURKY PANDA
Word Count
2,859
Language
English
Hacker News Points
-
Summary

CrowdStrike's blog discusses the activities of MURKY PANDA, a sophisticated China-nexus adversary known for targeting government, technology, academic, legal, and professional services sectors in North America through cloud-based cyberespionage. The adversary has demonstrated expertise in exploiting internet-facing appliances and leveraging trusted-relationship compromises in the cloud, often using advanced operational security measures to avoid detection. MURKY PANDA has exploited both n-day and zero-day vulnerabilities, including CVE-2023-3519, and utilized custom malware like CloudedHope to achieve their intelligence-gathering objectives. They have also been observed compromising SaaS providers and cloud solution providers to access downstream customers' environments, highlighting their proficiency in navigating complex cloud infrastructures. CrowdStrike's analysis emphasizes the importance of rigorous monitoring and security measures to counter such threats, especially for organizations heavily reliant on cloud environments.