{"id":36907,"date":"2020-09-01T12:05:16","date_gmt":"2020-09-01T12:05:16","guid":{"rendered":"https:\/\/blog.trendmicro.com\/?p=544488"},"modified":"2020-09-01T12:05:16","modified_gmt":"2020-09-01T12:05:16","slug":"the-life-cycle-of-a-compromised-cloud-server","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/the-life-cycle-of-a-compromised-cloud-server\/","title":{"rendered":"The Life Cycle of a Compromised (Cloud) Server"},"content":{"rendered":"<p><img decoding=\"async\" width=\"300\" height=\"165\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/cloud6-300x165.jpg\" class=\"attachment-medium size-medium wp-post-image\" alt loading=\"lazy\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/cloud6-300x165.jpg 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/cloud6-768x422.jpg 768w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/cloud6-640x352.jpg 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/cloud6-440x242.jpg 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/cloud6-380x209.jpg 380w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/cloud6.jpg 800w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"> <\/p>\n<p>Trend Micro Research has developed a go-to resource for all things related to cybercriminal underground hosting and infrastructure. 
Today we released <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/commodified-cybercrime-infrastructure-exploring-the-underground-services-market-for-cybercriminals\" target=\"_blank\" rel=\"noopener noreferrer\">the second<\/a> in this three-part series of reports which detail the what, how, and why of cybercriminal hosting (see the first part <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cybercrime-and-digital-threats\/hacker-infrastructure-and-underground-hosting-101-where-are-cybercriminal-platforms-offered\">here<\/a>).<\/p>\n<p>As part of this report, we dive into the common life cycle of a compromised server from initial compromise to the different stages of monetization preferred by criminals. It\u2019s also important to note that regardless of whether a company\u2019s server is on-premise or cloud-based, criminals don\u2019t care <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/campaigns\/art-of-cybersecurity\/it-security\/hybrid-cloud-game-changer-security.html\" target=\"_blank\" rel=\"noopener noreferrer\">what kind of server<\/a> they compromise.<\/p>\n<p>To a criminal, any server that is exposed or vulnerable is fair game.<\/p>\n<p><strong>Cloud vs. On-Premise Servers<\/strong><\/p>\n<p>Cybercriminals don\u2019t care where servers are located. They can leverage the storage space, computation resources, or steal data no matter what type of server they access. Whatever is most exposed will most likely be abused.<\/p>\n<p>As digital transformation continues and potentially picks up to allow for continued remote working, cloud servers are more likely to be exposed. Many enterprise IT teams, unfortunately, are not arranged to provide the same protection for cloud as on-premise servers.<\/p>\n<p>As a side note, we want to emphasize that this scenario applies only to cloud instances replicating the storage or processing power of an on-premise server. 
Containers or <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/virtualization-and-cloud\/shedding-light-on-security-considerations-in-serverless-cloud-architectures\" target=\"_blank\" rel=\"noopener noreferrer\">serverless functions<\/a> won\u2019t fall victim to this same type of compromise. Additionally, if the attacker compromises the cloud account, as opposed to a single running instance, then there is an entirely different attack life cycle as they can spin up computing resources at will. Although this is possible, it is not our focus here.<\/p>\n<p><strong>Attack Red Flags<\/strong><\/p>\n<p>Many IT and security teams might not look for earlier stages of abuse. Before getting hit by ransomware, however, there are other red flags that could alert teams to the breach.<\/p>\n<p>If a server is compromised and used for <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/cryptocurrency-mining\" target=\"_blank\" rel=\"noopener noreferrer\">cryptocurrency mining<\/a> (also known as cryptomining), this can be one of the biggest red flags for a security team. The discovery of cryptomining malware running on any server should result in the company taking immediate action and initiating an <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/managed-detection-and-response\/cyberattacks-from-the-frontlines-incident-response-playbook-for-beginners\" target=\"_blank\" rel=\"noopener noreferrer\">incident response<\/a> to lock down that server.<\/p>\n<p>This <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/indicators-of-compromise\" target=\"_blank\" rel=\"noopener noreferrer\">indicator of compromise<\/a> (IOC) is significant because while cryptomining malware is often seen as less serious compared to other malware types, it is also used as a monetization tactic that can run in the background while server access is being sold for further malicious activity. 
For example, access could be sold for use as a server for underground hosting. Meanwhile, the data could be exfiltrated and sold as personally identifiable information (PII) or for industrial espionage, or it could be sold for a targeted ransomware attack. It\u2019s possible to think of the presence of cryptomining malware as the proverbial canary in a coal mine: This is the case, at least, for several access-as-a-service (AaaS) criminals who use this as part of their business model.<\/p>\n<p><strong>Attack Life Cycle<\/strong><\/p>\n<p>Attacks on compromised servers follow a common path:<\/p>\n<table>\n<tbody readability=\"9\">\n<tr readability=\"18\">\n<td width=\"10px\"><\/td>\n<td>\n<ol>\n<li><strong>Initial compromise:<\/strong> At this stage, whether a cloud-based instance or an on-premise server, it is clear that a criminal has taken over.<\/li>\n<li><strong>Asset categorization:<\/strong> This is the inventory stage. Here a criminal makes their assessment based on questions such as, what data is on that server? Is there an opportunity for lateral movement to something more lucrative? Who is the victim?<\/li>\n<li><strong>Sensitive data exfiltration:<\/strong> At this stage, the criminal steals corporate emails, client databases, and confidential documents, among others. 
This stage can happen any time after asset categorization if criminals managed to find something valuable.<\/li>\n<li><strong>Cryptocurrency mining:<\/strong> While the attacker looks for a customer for the server space, a targeted attack, or other means of monetization, cryptomining is used to covertly make money.<\/li>\n<li><strong>Resale or use for targeted attack or further monetization:<\/strong> Based on what the criminal finds during asset categorization, they might plan their own targeted ransomware attack, sell server access for industrial espionage, or sell the access for someone else to monetize further.<\/li>\n<\/ol>\n<\/td>\n<\/tr>\n<tr>\n<td height=\"10px\"><\/td>\n<td><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<div id=\"attachment_544489\" class=\"wp-caption aligncenter\" readability=\"32\"><img decoding=\"async\" aria-describedby=\"caption-attachment-544489\" loading=\"lazy\" class=\"wp-image-544489 size-full\" src=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/compromised-server.png\" alt=\"lifecycle compromised server\" width=\"729\" height=\"573\" srcset=\"https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/compromised-server.png 729w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/compromised-server-300x236.png 300w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/compromised-server-640x503.png 640w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/compromised-server-440x346.png 440w, https:\/\/blog.trendmicro.com\/wp-content\/uploads\/2020\/08\/compromised-server-380x299.png 380w\" sizes=\"auto, (max-width: 729px) 100vw, 729px\"><\/p>\n<p id=\"caption-attachment-544489\" class=\"wp-caption-text\">The monetization lifecycle of a compromised server<\/p>\n<\/div>\n<p>Often, targeted ransomware is the final stage. 
In most cases, asset categorization reveals data that is valuable to the business but not necessarily valuable for espionage.<\/p>\n<p>A deep understanding of the servers and network allows criminals behind a targeted ransomware attack to hit the company where it hurts the most. These criminals would know the datasets, where they live, whether there are backups of the data, and more. With such a detailed blueprint of the organization in their hands, cybercriminals can lock down critical systems and demand a higher ransom, as we saw in our 2020 midyear <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/research-and-analysis\/threat-reports\/roundup\/securing-the-pandemic-disrupted-workplace-trend-micro-2020-midyear-cybersecurity-report\" target=\"_blank\" rel=\"noopener noreferrer\">security roundup report<\/a>.<\/p>\n<p>In addition, while a ransomware attack would be the visible urgent issue for the defender to solve in such an incident, the same attack could also indicate that something far more serious has likely already taken place: the theft of company data, which should be factored into the company\u2019s response planning. 
More importantly, it should be noted that once a company finds an IOC for cryptocurrency mining, stopping the attacker right then and there could save them considerable time and money in the future.<\/p>\n<p>Ultimately, no matter where a company\u2019s data is stored, <a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/hybrid-cloud.html\" target=\"_blank\" rel=\"noopener noreferrer\">hybrid cloud security<\/a> is critical to preventing this life cycle.<\/p>\n<p> Read More <a href=\"https:\/\/blog.trendmicro.com\/the-lifecycle-of-a-compromised-cloud-server\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trend Micro Research has developed a go-to resource for all things related to cybercriminal underground hosting and infrastructure. Today we released the second in this three-part series of reports which detail the what, how, and why of cybercriminal hosting (see the first part here). As part of this report, we dive into the common life&#8230;<br \/>\nThe post The Life Cycle of a Compromised (Cloud) Server appeared first on . 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":36908,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[1252,536,8896,106,550,8897,8898,306,91,307,2999,5207],"class_list":["post-36907","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-cloud","tag-cloud-security","tag-compromised-server","tag-cryptomining","tag-cybercrime","tag-cyprocurrency-mining","tag-lifecycle","tag-network","tag-ransomware","tag-security","tag-targeted-attacks","tag-targeted-ransomware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>The Life Cycle of a Compromised (Cloud) Server 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/the-life-cycle-of-a-compromised-cloud-server\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Life Cycle of a Compromised (Cloud) Server 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/the-life-cycle-of-a-compromised-cloud-server\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-01T12:05:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/09\/the-life-cycle-of-a-compromised-cloud-server.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"300\" \/>\n\t<meta property=\"og:image:height\" content=\"165\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"The Life Cycle of a Compromised (Cloud) Server\",\"datePublished\":\"2020-09-01T12:05:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/\"},\"wordCount\":888,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/the-life-cycle-of-a-compromised-cloud-server.jpg\",\"keywords\":[\"cloud\",\"Cloud Security\",\"Compromised Server\",\"cryptomining\",\"Cybercrime\",\"Cyprocurrency Mining\",\"Lifecycle\",\"Network\",\"ransomware\",\"Security\",\"Targeted Attacks\",\"targeted ransomware\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/\",\"name\":\"The Life Cycle of a Compromised (Cloud) Server 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/the-life-cycle-of-a-compromised-cloud-server.jpg\",\"datePublished\":\"2020-09-01T12:05:16+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/the-life-cycle-of-a-compromised-cloud-server.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/the-life-cycle-of-a-compromised-cloud-server.jpg\",\"width\":300,\"height\":165},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/the-life-cycle-of-a-compromised-cloud-server\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"cloud\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/cloud\\\/\"},{\"@type\":\"ListItem\",\"position\":
3,\"name\":\"The Life Cycle of a Compromised (Cloud) Server\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"wid
th\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36907","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=36907"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/36907\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/36908"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=36907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=36907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=36907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}