A recent report from CrowdStrike Intelligence has shed light on a growing concern in the world of cloud security, where recruitment fraud is being used to gain access to cloud IAM, resulting in a $2 billion attack surface. The attack chain, known as the identity and access management (IAM) pivot, involves adversaries using trojanized Python and npm packages to steal developer credentials, which are then used to gain access to cloud IAM configurations.
The report highlights a case where attackers delivered malicious Python packages to a European FinTech company through recruitment-themed lures, pivoting to cloud IAM configurations and diverting cryptocurrency to adversary-controlled wallets. The attack bypassed email security gateways and left no digital evidence. CrowdStrike's SVP of intelligence, Adam Meyers, noted that the scale of the attack is significant, with over $2 billion associated with cryptocurrency operations run by one adversary unit. The company's field CTO of the Americas, Cristian Rodriguez, explained that the revenue success has driven organizational specialization, with what was once a single threat group splitting into three distinct units targeting cryptocurrency, fintech, and espionage objectives.
The Cybersecurity and Infrastructure Security Agency (CISA) and security company JFrog have also tracked overlapping campaigns across the npm ecosystem, with JFrog identifying 796 compromised packages in a self-replicating worm that spread through infected dependencies. The research further documents WhatsApp messaging as a primary initial compromise vector, with adversaries delivering malicious ZIP files containing trojanized applications through the platform. The attack chain is becoming increasingly sophisticated, with adversaries tailoring employment-themed lures to specific industries and roles, and deploying specialized malware at FinTech firms.
The report emphasizes the need for runtime behavioral monitoring to detect credential exfiltration during the package install process, since dependency scanning alone is not enough. Google Cloud's Threat Horizons Report found that weak or absent credentials accounted for 47.1% of cloud incidents in the first half of 2025, with misconfigurations adding another 29.4%. The report also highlights the importance of identity threat detection and response (ITDR) in closing the gap in monitoring identity-based attacks.
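As an added example (not code from the CrowdStrike report or from any vendor), the following Python detector shows what install-time behavioral monitoring looks like in practice: it correlates constructed endpoint telemetry and flags a process spawned by a package installer that reads a credential file and then opens an outbound connection. The event schema, field names, credential paths and sample values are all assumptions made for the example.

```python
from collections import defaultdict

# Added example, not code from the report. It correlates constructed endpoint
# telemetry: a process spawned by a package installer that reads a credential
# file and afterwards opens an outbound connection is flagged. The event
# schema (ts, session, pid, ancestor_cmd, kind, path/dst) is an assumption.
CREDENTIAL_MARKERS = ("/.aws/credentials", "/.npmrc", "/.pypirc", "/.kube/config",
                      "/.config/gcloud/", "/.docker/config.json", "/.ssh/id_")
INSTALLERS = ("npm install", "npm ci", "yarn install", "pip install")

def is_credential_path(path):
    return any(marker in path for marker in CREDENTIAL_MARKERS)

def detect_install_exfil(events):
    """Return [(session, pid, credential_paths, destinations)] findings.
    A connect counts only after the same pid read a credential file: that
    ordering is behavior a static dependency scan cannot observe.
    """
    state = defaultdict(lambda: {"session": None, "creds": [], "dsts": []})
    for ev in sorted(events, key=lambda e: e["ts"]):
        if not ev["ancestor_cmd"].startswith(INSTALLERS):
            continue  # not spawned by a package installer: out of scope here
        st = state[ev["pid"]]
        st["session"] = ev["session"]
        if ev["kind"] == "file_read" and is_credential_path(ev["path"]):
            st["creds"].append(ev["path"])
        elif ev["kind"] == "connect" and st["creds"]:
            st["dsts"].append(ev["dst"])  # outbound traffic after a credential read
    return [(s["session"], pid, s["creds"], s["dsts"])
            for pid, s in state.items() if s["creds"] and s["dsts"]]

def _ev(ts, session, pid, cmd, kind, **extra):
    return {"ts": ts, "session": session, "pid": pid, "ancestor_cmd": cmd,
            "kind": kind, **extra}

# Constructed telemetry: a benign install, an install with a stealer hook, and
# a developer's own shell reading credentials (not an installer, so ignored).
SAMPLE_EVENTS = [
    _ev(1, "dev-1", 4101, "npm install", "file_read", path="/home/dev/app/package.json"),
    _ev(2, "dev-1", 4101, "npm install", "connect", dst="registry.npmjs.org:443"),
    _ev(3, "dev-2", 5220, "npm install", "file_read", path="/home/dev/.aws/credentials"),
    _ev(4, "dev-2", 5220, "npm install", "file_read", path="/home/dev/.npmrc"),
    _ev(5, "dev-2", 5220, "npm install", "connect", dst="203.0.113.7:8443"),
    _ev(6, "dev-3", 6001, "bash", "file_read", path="/home/dev/.aws/credentials"),
    _ev(7, "dev-3", 6001, "bash", "connect", dst="sts.amazonaws.com:443"),
]

if __name__ == "__main__":
    print(detect_install_exfil(SAMPLE_EVENTS))
```

On the constructed sample only the "dev-2" install is reported; the benign install and the developer's shell session produce no finding.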
OpenAI and other AI-related technologies are also being targeted, with the report noting that AI gateways excel at validating authentication but do not check whether the identity is behaving consistently with its historical pattern. The report cites the example of OpenClaw, an open-source autonomous AI agent that connects to email, messaging platforms, calendars, and code execution environments through model context protocol (MCP). The Cisco AI security research team has called the tool “groundbreaking” from a capability standpoint and “an absolute nightmare” from a security one.
The report concludes by emphasizing the need for organizations to audit their IAM monitoring stack against the three-stage attack chain, and to implement AI-specific access controls that correlate model access requests with identity behavioral profiles. As Nvidia, Ring, and other companies continue to invest in AI-related technologies, the need for robust security measures to protect against these types of attacks will only continue to grow.
In the next 30 days, organizations should validate their IAM monitoring stack against this three-stage chain, and implement measures such as runtime behavioral monitoring, ITDR, and AI-specific access controls to prevent similar attacks. The perimeter is no longer the primary concern, and identity is now the key battleground in the fight against cyber threats. As PwC's deputy leader for cyber, data and tech risk, Morgan Adamski, noted, getting identity right, including AI agents, means controlling who can do what at machine speed. The stakes are high, and organizations must take immediate action to protect themselves against these types of attacks.