CISA and some its foreign partner agencies are warning that APT29 is using a variety of techniques to target cloud services and accounts.
One of the last executive orders for the outgoing Trump Administration authorized the Commerce Department to create "know your customer" rules for infrastructure-as-a-service providers.
Attack groups are increasingly focusing their attention on cloud platforms and services as common entry points for victim networks.
An attack group TeamTNT is using Weave Scope, an open source cloud monitoring and control tool to compromise Docker and Kubernetes instances as part of a cryptocurrency mining operation, security company Intezer said.
Google Cloud Confidential VMs, now in beta, allows customers to run workloads in the cloud on data that is encrypted while it's in use.