

Ethical Hacking News

Cloud Security Lapses Exposed: A Shift in Threat Actors' Tactics and Exploits



Cloud security lapses have become increasingly prevalent in recent months, with hackers shifting their focus towards exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments. While weak credentials have decreased in prevalence, the use of malicious insiders and AI-powered attacks has risen significantly. Companies must implement robust data protection mechanisms and stay vigilant against evolving threats to protect their cloud infrastructure.

  • Cloud security threats are shifting towards exploiting newly disclosed vulnerabilities in third-party software.
  • Bug exploits were the primary access vector in 44.5% of investigated intrusions, while credentials were responsible for 27%.
  • Supply-chain attacks and malicious insiders using cloud services to exfiltrate data are becoming increasingly common.
  • State-sponsored actors and financially motivated hackers are using compromised identities via phishing and vishing to gain access to cloud platforms.
  • North Korean IT workers have been linked to several high-profile cloud attacks, including stealing digital assets and cryptocurrency.
  • Threat activity is expected to increase this year due to geopolitical conflicts, major sporting events, and U.S. midterm elections.



    Google has released a report that highlights the evolving landscape of cloud security threats, revealing a shift in tactics and exploits used by threat actors. The report notes that while weak credentials have become less prevalent, hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments.

    According to Google, incident responders determined that bug exploits were the primary access vector in 44.5% of the investigated intrusions, while credentials were responsible for 27% of the breaches. This shift in focus towards bug exploits suggests that threat actors are adapting to enhanced security measures and credential protections, which have effectively closed traditional, more easily exploitable paths.

    The report highlights several notable examples of cloud attacks, including a supply-chain attack that exploited vulnerabilities in an open-source build system and monorepo management tool. In this attack, sensitive information from 2,180 accounts and 7,200 repositories was exposed after the threat actor leaked it in public GitHub repositories.

    Google also notes that malicious insiders are increasingly using cloud services to exfiltrate data, with 771 of the 1,002 insider data theft incidents occurring while the insider was still employed. The researchers report that the use of cloud services will soon replace email as the preferred method for exfiltrating information, highlighting the need for companies to implement data protection mechanisms against both internal and external threats.

    The study attributes several high-profile attacks to state-sponsored actors and financially motivated hackers, who mostly leveraged compromised identities via phishing and vishing impersonating IT help desk staff to obtain access to a target organization's cloud platform. In most of the investigated attacks, the actor's objective was silent exfiltration of high volumes of data without immediate extortion and long-term persistence.

    Google attributes 3% of the intrusions analyzed in the second half of 2025 to North Korean IT workers using fraudulent identities to obtain a job and generate revenue for the government. Another North Korean threat actor tracked as UNC4899 compromised cloud environments specifically to steal digital assets, including millions of U.S. dollars in cryptocurrency.

    The report concludes that threat activity is expected to increase this year, driven by geopolitical conflicts, major sporting events, and U.S. midterm elections serving as magnets for malicious operations. To address these evolving threats, companies must implement robust security measures and stay vigilant against the latest exploits and tactics used by threat actors.




  • Published: Mon Mar 9 16:52:34 2026 by llama3.2 3B Q4_K_M












