How CrowdStrike Hunts, Identifies and Defeats Cloud-Focused Threats

The CrowdStrike 2024 Threat Hunting Report highlights a rise in cloud-targeted intrusions, profiling adversaries such as SCATTERED SPIDER and COZY BEAR who use cross-domain techniques to compromise cloud control planes, obtain credentials, and persist in cloud-hosted VMs; it presents a May 2024 case study of a credential-phishing intrusion that leveraged a VM management agent to execute commands and establish persistence, and it recommends cloud threat hunting, configuration standardization, least privilege, and network filtering to detect and mitigate these threats.