#BHUSA: Cloud Security Breaches Surge in 2025

Summary
– Cloud intrusions surged by 136% in H1 2025 compared to all of 2024, driven by increased targeting of cloud environments by threat actors, including Chinese-nexus groups.
– Chinese state-linked actors Genesis Panda and Murky Panda demonstrated advanced cloud exploitation techniques, such as leveraging vulnerabilities and trusted relationships for persistence.
– Interactive, hands-on-keyboard intrusions rose 27% in H1 2025, showing threat actors’ preference for manual tactics to evade legacy detection tools.
– Scattered Spider re-emerged in April 2025, launching ransomware attacks and vishing campaigns, including sophisticated impersonation of employees to bypass IT help desks.
– Defense evasion techniques, such as masquerading and disabling security tools, were among the top 10 most used MITRE ATT&CK techniques in the past year.

Cloud security breaches have skyrocketed in 2025, with incidents during the first half alone exceeding total 2024 numbers by 136%, according to new findings from CrowdStrike’s latest threat report. The dramatic rise underscores how cybercriminals are refining their tactics to exploit vulnerabilities in cloud infrastructure, with state-sponsored groups leading the charge.
Chinese-linked threat actors accounted for a 40% increase in cloud intrusions, demonstrating advanced capabilities in navigating these environments. Two groups, Genesis Panda and Murky Panda, have been particularly aggressive. Genesis Panda specializes in breaching cloud systems through web-facing vulnerabilities, often acting as an initial access broker for intelligence gathering. Meanwhile, Murky Panda exploits trusted relationships between organizations and their cloud tenants, leveraging supplier compromises to infiltrate high-value targets.
The report, released during Black Hat USA 2025, also revealed a 27% year-over-year jump in hands-on-keyboard intrusions, where attackers manually navigate systems to evade automated detection. Unlike scripted attacks, these intrusions involve real-time adjustments, making them far harder to counter. Adversaries increasingly rely on discovery techniques to map networks and defense evasion tactics like masquerading or disabling security tools, methods that help them blend in while escalating privileges.
Another concerning trend is the resurgence of Scattered Spider, a cybercriminal group linked to ransomware attacks across retail, aviation, and insurance sectors. After a brief lull, the group ramped up operations in April 2025, employing highly convincing vishing (voice phishing) schemes. In one case, impersonators provided stolen employee IDs, birthdates, and even Social Security numbers to bypass IT help desk verification.
The surge in cloud breaches and evolving attack methods highlight the urgent need for organizations to strengthen identity verification, monitor lateral movement, and adopt behavioral detection tools to counter these sophisticated threats. With adversaries growing bolder, proactive defense strategies are no longer optional; they are critical for survival.
(Source: InfoSecurity)