
Murky Panda, a China-nexus adversary, moves laterally through cloud services to reach its intended targets.

In its recently released 2025 Threat Hunting Report, CrowdStrike highlighted a significant trend: a 136% increase in cloud intrusions, largely attributed to “China-nexus adversaries,” including Murky Panda (also known as Silk Typhoon). This group has been operational since at least 2023, targeting government, technology, academia, legal, and professional services sectors in North America to steal sensitive information. Murky Panda is notorious for exploiting n-day and zero-day vulnerabilities in internet-facing appliances for initial access, deploying webshells like Neo-reGeorg, and using custom Linux malware named CloudedHope for remote access. They also utilise compromised SOHO devices geolocated in the target countries as exit nodes, which helps mask the origin of their attacks.

CrowdStrike’s analysis revealed that Murky Panda has successfully compromised cloud environments, leveraging trusted relationships within these systems to reach their intended victims. In at least two documented cases, the group exploited zero-day vulnerabilities to gain access to Software-as-a-Service (SaaS) providers’ cloud environments. Following these breaches, they navigated the compromised environments to access downstream customers’ data. One incident involved a SaaS provider using Entra ID, where Murky Panda likely obtained the application registration secret to authenticate as service principals and access customer emails. Another intrusion saw the group exploit a Microsoft cloud solution provider’s delegated administrative privileges to create a backdoor user in a downstream victim’s tenant, granting them Application Administrator privileges and control over service principals. 
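The two access paths described above (a newly created user handed Application Administrator via delegated admin rights, and new credentials added to an application so it can be used as a service principal) translate into a simple audit-log check. The Python below is an added example, not CrowdStrike's or the post's own tooling; its audit records, the tenant domain `victim.example` and the field names are constructed and simplified, not the real Entra ID directory audit schema.

```python
from datetime import datetime, timedelta

# Constructed, simplified audit records. Field names are an assumption modelled loosely
# on Entra ID directory audit events, not a verified schema; "victim.example" is the tenant.
TENANT_DOMAIN = "victim.example"
AUDIT_LOG = [
    {"time": "2025-08-01T10:00:00Z", "activity": "Add user",
     "actor": "partner-admin@csp.example", "target": "svc-backup@victim.example"},
    {"time": "2025-08-01T10:03:00Z", "activity": "Add member to role",
     "actor": "partner-admin@csp.example", "target": "svc-backup@victim.example",
     "role": "Application Administrator"},
    {"time": "2025-08-01T10:10:00Z", "activity": "Add service principal credentials",
     "actor": "svc-backup@victim.example", "target": "mail-sync-app"},
    {"time": "2025-08-02T09:00:00Z", "activity": "Add user",
     "actor": "hr-admin@victim.example", "target": "newhire@victim.example"},
    {"time": "2025-08-05T09:00:00Z", "activity": "Add member to role",
     "actor": "it-admin@victim.example", "target": "newhire@victim.example",
     "role": "Helpdesk Administrator"},
]

# Roles that give control over applications and service principals (the post names Application Administrator).
PRIVILEGED_ROLES = {"Application Administrator", "Cloud Application Administrator",
                    "Global Administrator"}

def parse_time(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def find_backdoor_admins(events, window_hours=24):
    """Users created and then placed in a privileged role within the window.
    Returns (user, role, actor, actor_is_external); an actor outside TENANT_DOMAIN
    matches the delegated-admin (cloud solution provider) path the report describes."""
    window, created, hits = timedelta(hours=window_hours), {}, []
    for e in sorted(events, key=lambda e: e["time"]):  # ISO timestamps sort lexically
        if e["activity"] == "Add user":
            created[e["target"]] = parse_time(e["time"])
        elif e["activity"] == "Add member to role" and e.get("role") in PRIVILEGED_ROLES:
            t_created = created.get(e["target"])
            if t_created is not None and parse_time(e["time"]) - t_created <= window:
                external = not e["actor"].endswith("@" + TENANT_DOMAIN)
                hits.append((e["target"], e["role"], e["actor"], external))
    return hits

def find_new_app_credentials(events, suspects):
    """Credentials added to an application/service principal by one of the suspect users."""
    return [(e["actor"], e["target"]) for e in events
            if e["activity"] == "Add service principal credentials" and e["actor"] in suspects]
```

Feeding the output of the first function into the second chains the two stages: a backdoor user created by an external delegated admin, then that user minting an application secret it can authenticate with as a service principal.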

Categories: Cloud Intrusions, Cybersecurity Threats, Malware Tactics 

Tags: Cloud Intrusions, China-nexus Adversaries, Murky Panda, Vulnerabilities, Webshells, CloudedHope, SaaS Providers, Lateral Movement, Entra ID, Global Administrator Privileges 
