
"Murky Panda, also known as Silk Typhoon (formerly Hafnium), is best known for its zero-day exploitation of Microsoft Exchange Server flaws in 2021. Attacks mounted by the hacking group have targeted government, technology, academic, legal, and professional services entities in North America. Earlier this March, Microsoft detailed the threat actor's shift in tactics, detailing its targeting of the information technology (IT) supply chain as a means to obtain initial access to corporate networks."
"Like other Chinese hacking groups, Murky Panda has exploited internet-facing appliances to obtain initial access and is believed to have also compromised small office/home office (SOHO) devices that are geolocated in the targeted country as an exit node to hinder detection efforts. Other infection pathways include exploitation of known security flaws in Citrix NetScaler ADC and NetScaler Gateway (CVE-2023-3519)"
Murky Panda is a China-nexus cyber espionage group that abuses trusted relationships in the cloud to breach enterprise networks. The group rapidly weaponizes N-day and zero-day vulnerabilities and most often gains initial access by exploiting internet-facing appliances. Targets include government, technology, academic, legal, and professional services entities in North America. Its tradecraft includes compromising the IT supply chain to reach downstream customer networks, routing operations through compromised SOHO devices geolocated in the target country so that its traffic appears to originate locally and evades geography-based detection, and exploiting vulnerabilities such as CVE-2023-3519 and CVE-2025-3928. Once inside, the group deploys web shells like neo-reGeorg and drops CloudedHope, a 64-bit Golang ELF remote access trojan (RAT) that alters file timestamps and deletes indicators on the host to frustrate forensic analysis and detection.
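Two of the behaviours above are cheap to hunt for on a Linux host: timestomping (the RAT rewriting mtime so a dropped file looks old) and the presence of an unexpected 64-bit Go ELF binary. The script below is an added example written for this page; it is not code from The Hacker News, CrowdStrike or Microsoft, and it does not reproduce anything CloudedHope itself does. It assumes Linux semantics where utime()/utimensat() can set mtime but not ctime (ctime is bumped to "now" by the very call that rewrites mtime), and it uses a heuristic set of Go markers (the "Go build ID:" note, the go.buildid and .gopclntab section names) that I am treating as assumptions, not as a published CloudedHope indicator. The sample files are constructed inside a temporary directory so the scan runs offline.

```python
"""Hunt for timestomped files and 64-bit Go ELF binaries on a Linux host.

Added example for this page (not the article's or any vendor's code).
Assumptions: Linux ctime semantics; Go markers below are heuristic.
"""
import os
import tempfile
import time

# ELF magic followed by EI_CLASS == ELFCLASS64 (0x02): a 64-bit ELF file.
ELF64_MAGIC = b"\x7fELF\x02"

# Heuristic strings present in binaries produced by the Go toolchain
# (assumed markers, chosen for this example).
GO_MARKERS = (b"Go build ID:", b"go.buildid", b".gopclntab")

ONE_DAY = 24 * 3600


def is_timestomped(path, min_skew_seconds=ONE_DAY):
    """True if the inode change time is far newer than the modification time.

    utime()/utimensat() let an attacker set mtime to any value, but the kernel
    records the call itself in ctime, which cannot be set from userspace. A file
    whose mtime is a day or more older than its ctime has had its mtime rewritten
    after the last real content change (or was restored by tar/rsync/a package
    manager, which is the main false-positive source; see the note below).
    """
    st = os.lstat(path)
    return (st.st_ctime - st.st_mtime) >= min_skew_seconds


def looks_like_go_elf64(data):
    """True if the bytes start as a 64-bit ELF and carry a Go toolchain marker."""
    if not data.startswith(ELF64_MAGIC):
        return False
    return any(marker in data for marker in GO_MARKERS)


def is_elf64_go(path):
    with open(path, "rb") as fh:
        return looks_like_go_elf64(fh.read())


def scan(directory, min_skew_seconds=ONE_DAY):
    """Walk a directory and return sorted (relative_path, [reasons]) findings."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            reasons = []
            if is_timestomped(path, min_skew_seconds):
                reasons.append("mtime predates ctime")
            if is_elf64_go(path):
                reasons.append("64-bit Go ELF")
            if reasons:
                findings.append((os.path.relpath(path, directory), reasons))
    return sorted(findings)


def demo():
    """Build a constructed sample tree, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        past = time.time() - 400 * ONE_DAY  # a fake "last year" mtime

        # Benign text file: written now, never touched again.
        with open(os.path.join(d, "notes.txt"), "wb") as fh:
            fh.write(b"meeting notes\n")

        # Benign 64-bit ELF with no Go markers (constructed header only).
        with open(os.path.join(d, "legit_elf"), "wb") as fh:
            fh.write(ELF64_MAGIC + b"\x01\x01" + b"\x00" * 64)

        # Constructed stand-in for a dropped Go RAT: ELF64 header, a Go build
        # ID note, and an mtime pushed back to last year to blend in.
        dropped = os.path.join(d, "cloudedhope.bin")
        with open(dropped, "wb") as fh:
            fh.write(ELF64_MAGIC + b"\x00" * 11 + b'Go build ID: "constructed"' + b"\x00" * 16)
        os.utime(dropped, (past, past))

        # A text file whose mtime was rewritten but which is not a binary.
        stomped_log = os.path.join(d, "old.log")
        with open(stomped_log, "wb") as fh:
            fh.write(b"nothing to see here\n")
        os.utime(stomped_log, (past, past))

        return scan(d)


if __name__ == "__main__":
    for rel_path, reasons in demo():
        print(f"{rel_path}: {', '.join(reasons)}")
```

The mtime/ctime skew check is a triage signal, not proof: `tar -p`, `rsync -t`, `cp -p` and package installs all preserve mtime and therefore produce the same pattern, so the hit list should be cross-referenced with package-manager ownership and recent process or audit logs before anything is called an indicator. The Go marker check is deliberately loose; on a real host, pair it with a check that the binary is unowned by any package and sits in a writable location such as /tmp or a web root.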
Read at The Hacker News