Cloud Attackers Now Prefer Vulnerability Exploits Over Credentials

https://www.infosecurity-magazine.com/news/cloud-attackers-prefer-exploits/

Publish Date: 2026-03-10 11:30:00

Source Domain: www.infosecurity-magazine.com

Google Cloud has warned that threat actors targeting cloud environments now favor campaigns which gain initial access by exploiting software vulnerabilities over credential-based attacks. 

Published on 9 March, the Google Cloud Office of the CISO’s H1 2026 Google Cloud Threat Horizons Report details how the cloud threat landscape evolved, based on how attackers attempted to target Google Cloud services during the second half of 2025.

“Our team has observed a fundamental shift in the landscape,” said Crystal Lister, security advisor and head of the Cloud Threat Horizons Report program for the Office of the CISO at Google Cloud.

Traditionally, threat actors have relied on weak or missing credentials and misconfigurations to gain access to Google Cloud environments.

However, the second half of 2025 saw threat actors increasingly turn towards exploiting unpatched third-party vulnerabilities.

In total, third-party software-based entry accounted for 44.5% of primary entry vectors during the second half of 2025. This represents a significant increase from the 2.9% observed during the first half of the year.

In comparison, abuse of weak or absent credentials as an entry point dropped from 47.1% in the first half of the year to 27.2% in the second half.

React2Shell Top Targeted Vulnerability

One of the software vulnerabilities most commonly used to target cloud services was CVE-2025-55182, more commonly known as React2Shell, a critical remote code execution vulnerability in React Server Components.

The vulnerability can enable attackers to take control of servers and compromise data. It has been tied to cyber-attacks by nation-state threat actors linked to both North Korea and China.

“While Google Cloud’s underlying infrastructure remains secure, threat actors are successfully targeting unpatched applications and permissive user-defined firewall rules,” said Google Cloud.

The company also warned that attackers have got quicker at the mass…
