Cloudflare has released its first Threat Intelligence Report, outlining how cyber threats are evolving and how threat actors are adapting tactics, including greater use of AI and cloud-native techniques.

The report says China-linked actors have been targeting North American telecommunications, government, and IT services in efforts associated with long-term espionage. It also describes North Korea-linked activity that uses remote IT worker schemes to generate revenue, supported by tactics such as deepfakes, fake online profiles, remote monitoring and management tools, and “laptop farm” setups.

It highlights a broader shift toward abusing legitimate cloud and SaaS platforms in attack chains to blend in with normal activity and bypass security controls, including using common services for command-and-control signaling or hosting malware payloads. The report also notes that attackers are using AI to operate within complex SaaS environments and exploit integrations, increasing the risk of supply-chain-style compromises.

Cloudflare’s report reinforces that link-based phishing remains a major entry point, pointing to weaknesses in email authentication adoption. It also flags that very large, fast-spiking DDoS attacks are becoming common, reducing the time available for manual response.

Finally, it notes that business email compromise continues to drive attempted financial theft at scale, with significant dollar values tied to payment diversion and fraud requests.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!