- Chinese hackers have found a distinctive way to target American companies
- The method has largely gone unreported so far
- The hackers are mainly interested in espionage, experts say
The Chinese threat actor known as Murky Panda abuses the trust that companies place in their cloud providers to break into businesses, steal sensitive files and maintain persistence for further reconnaissance and espionage.
CrowdStrike security researchers have described how, since 2023, they have observed at least two cases in which Murky Panda exploited zero-day flaws to gain access to the cloud environments of SaaS providers.
After breaking in, the attackers studied the logic of the victim's cloud environment, "allowing them to leverage their access to this software to move laterally to downstream customers".
Silk Typhoon
So, in essence, this is a third-party cyberattack delivered through a cloud-based service provider. What makes the method unusual, and therefore more effective than other, more widely reported approaches, is how rarely it is seen:
"Due to the rarity of the activity, this initial access vector into a victim's cloud environment remains relatively sub-.
The researchers also said the threat actor has been active since at least 2023, and that its tactics, techniques and procedures closely resemble those of Silk Typhoon, a known Chinese state-sponsored group. Since attribution is often difficult, the researchers suggest this could be Silk Typhoon itself, a partner group or a copycat.
Either way, the group appears to focus on cyber-espionage and intelligence collection. Most of its targets are in government, technology, academia, and legal and professional services, and are located mainly in North America.
To break into its initial targets, Murky Panda uses a range of methods and tools. It has been observed exploiting CVE-2023-3519, a known vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway instances. This flaw is at least two years old and has been abused in the past by various ransomware actors.
In other cases, the group has also been seen compromising various small office/home office (SOHO) devices.