How recruitment fraud turned cloud IAM into a $2 billion attack surface
FeaturedLouis Columbus February 6, 2026 A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developer’s machine — GitHub personal access tokens, AWS API keys, Azure service principals and more — are exfiltrated, and the adversary is inside the cloud environment within minutes.Your email security never saw it. Your dependency scanner might have flagged the package. Nobody was watching what happened next.The attack chain is quickly becoming known as the identity and access management (IAM) pivot, and it represents a fundamental gap in how enterprises monitor identity-based attacks. CrowdStrike Intelligence research published on January 29…
