Phishing Campaigns Abuse Trusted Cloud Platforms, Raising New Risks for Enterprises

ANY.RUN experts report a surge in phishing campaigns abusing trusted cloud and CDN platforms to bypass security controls and target enterprise users.

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

ANY.RUN experts are observing a new wave of phishing campaigns that abuse trusted cloud and CDN infrastructure, including platforms run by Google, Microsoft, and Cloudflare, as active hosting environments, not just delivery layers.

What’s changing isn’t the technique itself, but how consistently and deliberately it’s now used to bypass enterprise security controls. By hiding phishing kits inside legitimate cloud services and filtering victims to target corporate accounts, attackers reduce early detection and increase the chance of business-impacting outcomes such as account takeover, invoice fraud, and internal spread.

Why Trusted Cloud Hosting Changes the Detection Game

For years, phishing detection relied heavily on spotting ...