
Chinese Silk Typhoon Hackers Targeting Multiple Industries in North America

Silk Typhoon was seen exploiting n-day and zero-day vulnerabilities for initial access to victim systems. (Originally published on SecurityWeek.)


Chinese state-sponsored hacking group Silk Typhoon has been intensifying its attacks against entities in North America, CrowdStrike says.

The APT, which has been blamed for the 2024 US Treasury hack, was seen attacking high-profile targets within the government, technology, academic, legal, and professional services sectors for intelligence gathering.

CrowdStrike, which tracks the group as Murky Panda, observed the hackers rapidly weaponizing n-day and zero-day vulnerabilities for initial access to victims’ environments. They also appear to have compromised SOHO routers to abuse them as infrastructure in attacks.

“The adversary has leveraged trusted-relationship compromises in the cloud and demonstrated a high level of operations security (OPSEC), including modifying timestamps and deleting indicators of their presence in victim environments to avoid detection and hinder attribution efforts,” CrowdStrike notes.

Silk Typhoon was seen targeting Citrix NetScaler ADC and NetScaler Gateway instances affected by CVE-2023-3519, CrowdStrike reports.

The hackers have been relying on RDP, web shells, and, occasionally, on malware such as CloudedHope, for lateral movement and persistence. Developed in Golang, CloudedHope has basic remote access tool (RAT) functionality.

They frequently access the victims’ cloud environments, likely for information harvesting, and were seen compromising service providers to access downstream customers’ environments, including email inboxes.

“In at least two cases analyzed by CrowdStrike, Murky Panda exploited zero-day vulnerabilities to achieve initial access to software-as-a-service (SaaS) providers’ cloud environments. Following the compromise, Murky Panda determined the compromised SaaS cloud environments’ logic, enabling them to leverage their access to that software to move laterally to downstream customers,” CrowdStrike explains.

Silk Typhoon, CrowdStrike says, targets rarely monitored access vectors to evade defenses, shows knowledge of niche Entra ID concepts, and focuses on sanitizing logs on victim systems.
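The timestamp modification and log sanitization described above leave traces of their own: removing records from a log breaks any monotonic counter, back-dating a record makes time run backwards, and wiping a window of activity leaves an unexplained silence. The following scanner, an added illustration that is not part of the SecurityWeek article or CrowdStrike's report, checks for all three over a small constructed log. The line format (a sequence number, a UTC timestamp and a message) and the sample records are assumptions for the example; real logs need the regex and the silence threshold adapted to the source.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (not taken from the report). One record per line:
# <sequence number> <UTC timestamp> <message>
# Records 1004-1005 are absent and record 1007 is back-dated.
SAMPLE_LOG = """\
1001 2025-08-20T10:00:00Z sshd: accepted publickey for svc-backup from 10.0.5.12
1002 2025-08-20T10:00:07Z sshd: session opened for user svc-backup
1003 2025-08-20T10:01:30Z httpd: GET /vpn/index.html 200
1006 2025-08-20T10:09:12Z httpd: GET /vpn/index.html 200
1007 2025-08-20T09:58:00Z cron: nightly job finished
1008 2025-08-20T10:10:00Z sshd: session closed for user svc-backup
"""

LINE_RE = re.compile(
    r"^(?P<seq>\d+) (?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z (?P<msg>.*)$"
)


def parse_record(line):
    """Return (seq, timestamp, message), or None if the line does not match the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return int(m["seq"]), datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S"), m["msg"]


def find_tampering(text, max_silence=timedelta(minutes=5)):
    """Scan a log and return a list of (kind, line_number, detail) findings.

    kinds:
      sequence_gap     the counter jumped, i.e. records were removed from the middle
      silence          no record for longer than max_silence (works without a counter)
      time_regression  a record dated earlier than the newest record before it
      unparseable      a line that does not match the format (truncated or hand-edited)
    """
    findings = []
    prev_seq = None
    newest_ts = None  # newest timestamp so far, so one back-dated line cannot hide later gaps
    for lineno, line in enumerate(text.splitlines(), start=1):
        rec = parse_record(line)
        if rec is None:
            findings.append(("unparseable", lineno, line))
            continue
        seq, ts, _ = rec
        if prev_seq is not None and seq != prev_seq + 1:
            if seq > prev_seq:
                detail = f"expected {prev_seq + 1}, got {seq} ({seq - prev_seq - 1} records missing)"
            else:
                detail = f"counter went backwards from {prev_seq} to {seq}"
            findings.append(("sequence_gap", lineno, detail))
        if newest_ts is not None:
            if ts < newest_ts:
                findings.append(("time_regression", lineno,
                                 f"{ts:%H:%M:%S} precedes {newest_ts:%H:%M:%S}"))
            elif ts - newest_ts > max_silence:
                findings.append(("silence", lineno, f"no records for {ts - newest_ts}"))
        prev_seq = seq
        if newest_ts is None or ts > newest_ts:
            newest_ts = ts
    return findings


if __name__ == "__main__":
    for kind, lineno, detail in find_tampering(SAMPLE_LOG):
        print(f"line {lineno}: {kind}: {detail}")
```

On the sample this reports a two-record gap and a seven-minute silence at line 4 and a back-dated record at line 5. The checks are only as strong as the log they run over: they assume an attacker cannot rewrite the counter, which is why the records worth scanning this way are the copies already shipped to a collector the compromised host cannot edit, not the local file.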

“Organizations that rely heavily on cloud environments are innately vulnerable to trusted-relationship compromises in the cloud. China-nexus adversaries such as Murky Panda continue to leverage sophisticated tradecraft to facilitate their espionage operations, targeting numerous sectors globally,” CrowdStrike notes.

*Updated to remove mentions of Commvault zero-day exploitation, after CrowdStrike updated their report.

Related: Report Links Chinese Companies to Tools Used by State-Sponsored Hackers

Related: Web Hosting Firms in Taiwan Attacked by Chinese APT for Access to High-Value Targets

Related: Chinese Researchers Suggest Lasers and Sabotage to Counter Musk’s Starlink Satellites

Related: Companies Warned of Commvault Vulnerability Exploitation
