
Creating PANDA-monium. [Research Saturday]
CyberWire Daily
The Unguarded Threat of CrowdStrike
CrowdStrike has a common theme we communicate to victims, that the threat actors aren't breaking into your environment, they're logging into your environment. One of the pieces of tradecraft related to Vanguard Panda is that they heavily leverage stolen credentials to gain initial access to their targets. That was the case here as well. The threat actor was able to gain access to the infrastructure using credentials that were probably procured through the access broker markets and was using those credentials to carry out their tradecraft. It had gone undetected if not for the advanced EDR technology and the threat hunting capabilities of our Falcon team.


