The Hands-on Keyboard Activity That Our Threat Hunting Team Discovered

Thomas Etheridge from CrowdStrike sits down to discuss their work on "Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft" In May of 2023, industry and government sources detailed China-nexus activity where they found the threat actor dubbed Volt Typhoon targeted U.S. based critical infrastructure entities. CrowdStrike's Intelligence team tracked this actor as VANGUARD PANDA. 

With CISA’s advisory on VANGUARD PANDA and its link to Chinese adversaries who are increasingly targeting US businesses and critical infrastructure, CrowdStrike’s blog dives deeper into the risks of VANGUARD PANDA. The research says "One specific VANGUARD PANDA incident stands out to review in detail. Falcon Complete responded to a detection that was triggered by suspicious reconnaissance commands executed under an Apache Tomcat web server running ManageEngine ADSelfService Plus."

The research can be found here:

• Business as Usual: Falcon Complete MDR Thwarts Novel VANGUARD PANDA (Volt Typhoon) Tradecraft

Learn more about your ad choices. Visit megaphone.fm/adchoices