Cloud Threat Horizons Report H1 2026
2026-03-09 • Google
https://cloud.google.com/security/report/resources/cloud-threat-horizons-report-h1-2026
Google Cloud’s H1 2026 Threat Horizons report includes a DPRK-relevant case where North Korean actors used living-off-the-cloud techniques after social engineering created a personal-to-corporate access path. The actors bypassed traditional network perimeters, pivoted from a compromised endpoint into cloud infrastructure, compromised Kubernetes, and stole millions in cryptocurrency. In the broader cloud context, Google highlights faster exploitation of third-party vulnerabilities, identity compromise, token theft, and cloud-native data theft as major pressures on defenders. The DPRK section underscores why cloud identity boundaries, endpoint-to-cloud visibility, Kubernetes hardening, and automated controls are important for organizations exposed to cryptocurrency theft and cloud abuse.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | ray.io | 2026-03-09 | 2026-03-09 |