logo

Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility

ID: 1ce5d9cb-b065-5b5c-ad42-069fb33ba943

STIX ID: report--1ce5d9cb-b065-5b5c-ad42-069fb33ba943

Feed Name: Palo Alto Networks Unit 42

Threat Score
70/100

Date Published: 2026-06-09

Date Updated: 2026-06-10

Author: Yahav Festinger

...
...

**Executive Summary:** This report analyzes attack techniques against cloud logging services (AWS CloudTrail and Google Cloud Logging), describing how adversaries can stop or redirect logs, delete storage or routers, tamper with encryption keys, and poison log files to evade detection or maintain continuous visibility, and it provides risk assessments and mitigations for defenders.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.