[devwastaken]

You don't have to attack cloud infra with actual code. You bribe company employees, either of the target company or one that creates systems for them/has access. Or simply scam 1 employee and use your RAT to later infiltrate. Scammers have been going pro and due to the many ridiculous policies of companies are not diffable from real emails/calls. It's easier and more effective, and it gets swept under the rug because closed source gets no public view and companies don't like revealing every time a employee falls for a scam.