How Attackers Gain Initial Access in Hybrid Environments by Lucie Cardiet

**Executive summary:** This advisory explains how attackers achieve initial access in modern hybrid environments—through exposed services and misconfigurations, supply-chain and package poisoning, credential theft/infostealers and identity-based attacks (SIM swap, MFA abuse), and nation-state living-off-the-land operations—and emphasizes detection based on network and identity telemetry rather than solely on preventive controls or endpoint agents.