Gootloader infrastructure shifts detected by Microsoft Threat Intelligence
Microsoft Threat Intelligence identified living-off-the-land activity leveraging Gootloader malware targeting Cloudflare S3 infrastructure in eu-west-1. Attack pattern aligns with MITRE ATT&CK technique T1027.
living-off-the-land, gootloader, cloudflare, s3
Supply chain compromise campaign observed targeting Cloudflare workloads in ap-southeast-1
Cloudflare Radar identified supply chain compromise activity leveraging SocGholish malware targeting Cloudflare Bedrock infrastructure in ap-southeast-1. Attack pattern aligns with MITRE ATT&CK technique T1566.
supply-chain-compromise, socgholish, cloudflare, bedrock
Zero-day vulnerability in Cloudflare RDS exploited by LockBit 3.0 [Dev Alert]
AWS Security identified credential harvesting activity leveraging Cobalt Strike malware targeting Cloudflare RDS infrastructure in ap-southeast-1. Attack pattern aligns with MITRE ATT&CK technique T1133.
credential-harvesting, cobalt-strike, cloudflare, rds, zero-day, dev
Scattered Spider targets Cloudflare CloudTrail using Gootloader
CISA identified living-off-the-land activity leveraging Gootloader malware targeting Cloudflare CloudTrail infrastructure in ca-central-1. Attack pattern aligns with MITRE ATT&CK technique T1548.
living-off-the-land, gootloader, cloudflare, cloudtrail, cisa
CVE-2025-9206: Active exploitation detected in GuardDuty
Cisco Talos identified ransomware-as-a-service activity leveraging IcedID malware targeting Cloudflare GuardDuty infrastructure in us-east-1. Attack pattern aligns with MITRE ATT&CK technique T1190.
ransomware-as-a-service, icedid, cloudflare, guardduty, cve
Zero-day exploitation campaign observed targeting AWS workloads in ca-central-1
Cloudflare Radar identified zero-day exploitation activity leveraging Cobalt Strike malware targeting AWS EC2 infrastructure in ca-central-1. Attack pattern aligns with MITRE ATT&CK technique T1566.
zero-day-exploitation, cobalt-strike, aws, ec2, zero-day
Zero-day vulnerability in Cloudflare CloudTrail exploited by APT29 (Cozy Bear) [Dev Alert]
AWS Security identified credential harvesting activity leveraging RedLine Stealer malware targeting Cloudflare CloudTrail infrastructure in eu-west-1. Attack pattern aligns with MITRE ATT&CK technique T1071.
credential-harvesting, redline-stealer, cloudflare, cloudtrail, zero-day, dev
FIN7 deploys living-off-the-land via compromised Cloudflare Bedrock [Dev Alert]
AWS Security identified living-off-the-land activity leveraging IcedID malware targeting Cloudflare Bedrock infrastructure in us-east-1. Attack pattern aligns with MITRE ATT&CK technique T1133.
living-off-the-land, icedid, cloudflare, bedrock, dev
Volt Typhoon deploys MFA bypass via compromised Oracle Cloud RDS
CrowdStrike identified MFA bypass activity leveraging RedLine Stealer malware targeting Oracle Cloud RDS infrastructure in ap-northeast-1. Attack pattern aligns with MITRE ATT&CK technique T1548.
mfa-bypass, redline-stealer, oracle-cloud, rds