
The Latest Cyber Threat: The "Murky Panda"
Murky Panda (also known as Silk Typhoon) is a cyber threat group that has been significantly active since 2023 and has targeted government, technology, academic, legal and professional services organisations. Currently there are reports of its activity only in North America; however, as Murky Panda has previously carried out compromises in the cloud, it is assumed that the group will easily extend its attacks further afield. The group is a China-nexus actor motivated by intelligence collection.
Murky Panda specialises in exploiting zero-day vulnerabilities and internet-facing appliances.
A comprehensive blog post by CrowdStrike gives technical details about the group and how to defend against its attacks: MURKY PANDA Trusted-Relationship in the Cloud
Over the last 18 months we have seen an increase in schools moving to cloud environments without necessarily implementing enough access controls, relying instead on the reputation of large, well-known cloud vendors. Schools should move beyond basic cyber security hygiene and adopt a multi-layered, proactive strategy:
1. Harden Your Cloud and Third-Party Systems
- Due diligence: before signing up with any cloud service provider, conduct thorough due diligence and include your DPO in the assessment process. Conduct a DPIA if there is a high risk. DPE customers should review our Supplier Due Diligence Best Practice Area.
- Audit your integrations: regularly check all third-party connections, what you are sharing and who you are sharing it with. Only share what is absolutely necessary, which might be less than the vendor is asking for.
- Configure Multi-Factor Authentication: this is non-negotiable and should apply to all users. Schools and colleges should also enforce it for students who have access to cloud systems. Murky Panda is known to compromise cloud services using stolen credentials, and MFA is a critical defence against this. Review the DfE Cyber Security Standards, which also advise strict access control procedures. Having trouble persuading staff that MFA is beneficial? Share our simple video explaining MFA: MFA Protecting Digital Life.
2. Strengthen Your Technical Defences
- Patch Management: ensure there is a rigorous policy for patching and updating all software and hardware, including firewalls. Review the DfE Digital Standards, which give strict guidelines on timescales for this. Unpatched, internet-facing systems are a key area in which Murky Panda exploits zero-day vulnerabilities. Review our video: Software Updates and Patch Management.
- Network Segmentation: ensure your network is segmented so that critical and sensitive data and systems are separated from other areas. This helps prevent an attacker who gains a foothold from moving freely between systems. Review the DfE Network Standards and our Network Security video.
3. Policies, Training and Response
- Training: ensure all staff and students receive regular training. The DfE Cyber Security Standards advise that cyber security training is conducted annually. The training should include anyone who logs into any of the organisation's systems, including governors. The DfE Cyber Security Standards will be mandatory, alongside 5 other standards, from September 2025 and give further guidance on training and awareness. Create a culture of cyber security awareness in your organisation. Review our video about Employee Training and Awareness.
- Robust Response: have a well-documented and rehearsed incident response plan that everyone knows and understands. Ensure everyone knows what their role is when an incident happens.
4. Backups
- Schools and colleges should ensure they follow the backup guidelines in the DfE Cyber Security Standards, one of the six core standards. Review our video about Backup and Recovery.
By focusing on these areas, schools can build a robust defence that directly addresses threats such as Murky Panda.
Learn more about the DfE Digital Standards in our video, DfE Digital Standards Simply Explained.