Novel Technique to Detect Cloud Threat Actor Operations

Posted onAuthorCyber Security Review

Cloud-based alerting systems often struggle to distinguish between normal cloud activity and targeted malicious operations by known threat actors.

The difficulty doesn’t lie in an inability to identify complex alerting operations across thousands of cloud resources or in a failure to follow identity resources, the problem lies in the accurate detection of known persistent threat actor group techniques specifically within cloud environments.

Read more…
Source: Palo Alto Unit 42

Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox

Related:

  • Novel Technique to Detect Cloud Threat Actor Operations

    February 6, 2026

    Cloud-based alerting systems often struggle to distinguish between normal cloud activity and targeted malicious operations by known threat actors. The difficulty doesn’t lie in an inability to identify complex alerting operations across thousands of cloud resources or in a failure to follow identity resources, the problem lies in the accurate detection of known persistent threat actor ...

  • Airbus to migrate critical apps to a sovereign Euro cloud

    December 19, 2025

    Airbus is preparing to tender a major contract to migrate mission-critical workloads to a digitally sovereign European cloud – but estimates only an 80/20 chance of finding a suitable provider. The aerospace manufacturer, which has already consolidated its datacenter estate and uses services like Google Workspace, now wants to move key on-premises applications including ERP, manufacturing ...

  • Amazon security boss blames Russia’s GRU for years-long energy-sector hacks

    December 15, 2025

    Russia’s Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin’s snoops persistent access to sensitive networks, according to Amazon’s security boss. “The campaign demonstrates sustained focus on Western critical infrastructure, particularly the energy sector, with operations spanning ...

  • Microsoft says Azure was hit with a massive DDoS attack launched from over 500,000 IP addresses

    November 18, 2025

    Microsoft has said it successfully mitigated, “the largest DDoS attack ever observed in the cloud” after cybercriminals running the Aisuru botnet targeted a single endpoint, located in Australia. The attack was a sight to behold: more than 500,000 source IPs, across various regions, descended upon the endpoint, delivering a multi-vector Distributed Denial of Service (DDoS) attack ...

  • EY exposes 4TB+ SQL database to open internet for who knows how long

    October 29, 2025

    A Dutch cybersecurity outfit says its lead researcher recently stumbled upon a 4TB+ SQL Server backup file belonging to EY exposed to the web, effectively leaking the accounting and consulting megacorp’s secrets. Among the BAK file’s data were API keys, cached authentication tokens, session tokens, service account passwords, and user credentials, Neo Security’s writeup explained. Read more… Source: ...

  • SonicWall confirms all of its cloud backup customers were affected by data breach

    October 10, 2025

    All companies using SonicWall’s MySonicWall cloud backup feature have had their firewall configuration files exposed in a recent cyberattack, the company has admitted. After initially claiming “fewer than 5%” of its customer base was affected, the company has revealed the true scale of the incident. In mid-September 2025, SonicWall warned its firewall customers to reset their ...