“2025 Cloud Threat Hunting and Defense Landscape: Executive Summary. Insikt Group has observed continued trends of growth and increased activity of threat actors leveraging and exploiting cloud infrastructure to broaden the number of victims they target and infect. Recent reporting …”
T1665 Hide Infrastructure
54%
“tenant-wide administrative control. Post-compromise activity is characterized by heavy use of built-in cloud and SaaS functionality: enumerating and exfiltrating data via native storage and backup services, destroying or encrypting cloud backups and snapshots for impact, m…”
T1078 Valid Accounts
48%
“2025 Cloud Threat Hunting and Defense Landscape: Executive Summary. Insikt Group has observed continued trends of growth and increased activity of threat actors leveraging and exploiting cloud infrastructure to broaden the number of victims they target and infect. Recent reporting …”
T1525 Implant Internal Image
45%
“tenant-wide administrative control. Post-compromise activity is characterized by heavy use of built-in cloud and SaaS functionality: enumerating and exfiltrating data via native storage and backup services, destroying or encrypting cloud backups and snapshots for impact, m…”
T1078.004 Cloud Accounts
38%
“tenant-wide administrative control. Post-compromise activity is characterized by heavy use of built-in cloud and SaaS functionality: enumerating and exfiltrating data via native storage and backup services, destroying or encrypting cloud backups and snapshots for impact, m…”
T1496 Resource Hijacking
33%
“tenant-wide administrative control. Post-compromise activity is characterized by heavy use of built-in cloud and SaaS functionality: enumerating and exfiltrating data via native storage and backup services, destroying or encrypting cloud backups and snapshots for impact, m…”
T1078.004 Cloud Accounts
31%
“an attack chain, with a notable focus on LLM and other AI-powered services hosted in cloud environments. The trends associated with abuse indicate a shift in threat actor perception, demonstrating that threat actors are exploring the broader benefits that compromised cloud serv…”
Summary
Threat actors are doubling down on cloud infrastructure — exploiting misconfigurations, abusing native services, and pivoting through hybrid environments to maximize impact. See how attack patterns are evolving across exploitation, ransomware, credential abuse, and AI service targeting in this latest cloud threat roundup.