AI Deepfakes & Laptop Farms: Inside the 2026 Cloudflare Threat Report

Hello everyone and welcome to This Week in NET. This is a special edition about the 2026 Cloudflare Threat Report. I'm your host João Tomé based in Lisbon, Portugal and with me I have Brian Carter and Chris Pacey. Hello. Hey there. Hey, how's it going? Before we jump into the actual report, why not also give a glimpse to folk that don't know too much about this area of threat intelligence and this type of analysis? What is the main thing that people don't realize about this area in particular that they should? That is important. Maybe I could start, Chris, and say that I think when it comes to marketing threat intelligence, like we have a product around it, we want our customers to be able to use the data that we provide or analysis to make better decisions. In some cases, that's a really kind of small tactical thing where they're taking individual indicators from us and using that to block something in their network. At a larger scale or a higher level, they might be making decisions about what's important architecture-wise in their network or which threats they need to prioritize. And our data certainly gives us a unique perspective on that that they won't find from other researchers. Absolutely echo Brian's points. I guess listeners may know that Cloudflare process over 20% of global Internet traffic. A huge, huge vast swathe of the Internet comes through Cloudflare. And I guess that means that we're in a unique position there to see patterns emerging before they really become widespread. Makes sense. One of the things that is quite obvious in this threat report is it shows, and this is the tagline actually, how adversaries are weaponizing the Internet. If in terms of the main takeaways that people should also understand of why we did this in terms of doing an actual report that anyone can check, other companies, customers, what was the main driver of doing the report actually? Who wants to start? Yeah, so I can jump in on that one. So yeah, I mean, we're really excited for this report. I mean, it represents months of work analyzing threat activity across state actors, Russia, China, Iran, North Korea, predominantly, as well as cyber criminal activity. And I guess we've distilled all that into actual intelligence that security teams can use. And we've seen the threat landscape constantly evolving fundamentally, I guess, this past year, seeing kind of weaponization of identity, industrialization of software as a service supply chain attacks, huge increase in kind of hyper volumetric DDoS strikes that come out vastly outweighing human intervention. And so I think it's really exciting for us to use, like I said, that kind of visibility that we've got of 20% of the Internet there to really demonstrate and display the patterns that we're seeing, and hopefully turn that into kind of intelligence and information that security teams can use. Anything you want to add there, Brian? Yeah, I think the report, you know, for people wondering who it might be for, this is something that's written in a very kind of a way that you might find in news media, kind of at that level. It's designed to inform a broad range of people. If you're a very technical person, you probably won't find indicators in there. But I'm certain you'll learn something new about sort of the interests of different threat actor groups that abuse Cloudflare's infrastructure. Makes sense. In terms of the period that it covers, it's of course current, like the latest months, but is there a period that is more focused on in terms of the trends we've seen? Yeah, I think it's mainly designed to be something that covers 2025 up till, you know, the date of publication. But it's often necessary to include data before that so that we can kind of measure trends over a longer period of time. And the comparisons as well, right? You can compare like new trends because before this was not a topic and now it is. So that comparison with what it was before and what it is now is quite important also to track what is changing and what attackers are more involved now than before, right? Those things are also relevant in terms of comparisons. Yeah, I think that's, I just jumped in there, Brian, sorry. I think that's particularly noticeable when you start looking at some of the DDoS attacks that we've seen in the last year. And I think that's where it's, although it is a kind of summary of 2025, I think that's where it's really valuable there to look back at past data. You know, we saw something like 47.1 million attacks in 2025. That's doubled from 2024. The largest, we saw the largest botnet attack reaching kind of over 31 terabytes per second. That's six times the record in 2024. Yeah, as you say, it does really help to look back and kind of see what the trends are and what the kind of scale of the threat is increasing. Yeah, those hyper volumetric DDoS attacks are definitely, and we published many blog posts recently, are definitely record upon record being broke specifically. So more tools, more possibilities also for attackers to do more harm specifically. On the key findings, takeaways here specifically, what are the AI-driven changes you've seen that we can target and explain to folks who want to start? Yeah, I think all of this is very interesting and also quite new. You know, when we started using AI tools a few years ago, you know, like the modern LLM type of tools, they were very interesting, but kind of hard to picture how they might be leveraged in cybersecurity specifically. And then over the last year, we've just seen an explosion of different fantastic use cases, reliable use of agents, and unfortunately, you know, threat actors have also learned the capabilities quite well. And leveraging a range of AI capabilities from how do I do this, how do I accomplish this task, and asking a chatbot all the way to using agents to perform specific recon tasks and so forth. Chris wants to add on to that for a specific case. Yeah, exactly. You know, at this point, use of AI is not new, but I guess it's interesting to see how threat actors are evolving the use of it, and how they're really using it to speed up their operations, whether it's turning around end-day vulnerabilities into capabilities that they can use for mass exploitation, and then almost ask the question of, well, where have we gained access after the fact? So that, you know, they're very much using capabilities to gain accesses and then figure out kind of what value there is there. But also we're seeing cases where threat actors are actually using AI during their operations to navigate new or complex unfamiliar environments. As kind of Brian suggested there, you know, asking AI how to navigate these environments to find the intelligence that they're after. And so actually the length of time they're needing to, between gaining access and retrieving the sensitive data that they're going after is significantly reduced by leveraging AI, which is, I think, quite interesting. One of the things that, looking at the report, we can also see, I found really interesting, is that the fact that the attackers are leveraging the victim's own cloud or SaaS or AI infrastructure to fund and scale the missions. And that's happening like in a high velocity, as you were saying, that it's much easier and fast and efficient to do harm because of those tools, and those tools are improving. So attackers are also improving there, and of course the defenses as well. But in terms of this layer of leveraging a victim's own cloud, SaaS, or AI infrastructure, do you have like specific examples that you can say, even like more general ones, that you can give us a glimpse of what harm is that doing really, for example? Who wants to start? I can kick a quick example and then maybe Brian, I don't know if you want to follow up with one example. But yeah, we've seen Chinese-affiliated threat actors. So Frumpy Toad, for example, we track an SS-affiliated threat actor using the living off the cloud tactics, really. So to blend their C2 traffic into legitimate enterprise ecosystems, making that detection much more difficult. So in this case, we actually observed Frumpy Toad leveraging a sophisticated cloud-to -cloud C2 loop using Google Calendar to blend in with that legitimate traffic. They had technically started off with traditional spear phishing, in this case, redirecting victims to compromised government sites, hosting malicious zip files that ultimately triggered the deployment of a new malware variant called Tough Progress. And that malware then reads and writes encrypted commands into Google Calendar event descriptions, allowing then the threat actor to communicate with those infected hosts without the hosts ever actually connecting to anything but on the wire, which is malicious. You know, they've connected to a legitimate government site at the start and the C2 comms are then happening over Google Calendar. So yeah, really interesting use there of the cloud and blending their comms to try and avoid detection. Yeah. And then adding on to that, some specific examples, we see kind of a range or an ecosystem of different crime services that relate to the theft of compute and cloud services, like this sort of phishing that collects credentials specifically for these environments that all have themes around a single sign-on. And then, you know, people who specialize in exploiting access to these different resources that they can find sensitive data that's marketable in the criminal underground and people who will exploit that stolen data for a financial gain, typically. Makes sense. One of the things that I will also notice in the report is, it's also about incentives and who is behind some of these attacks. And there's a specific area about those and some of these groups that are created, but also about the fact that there's state -sponsored groups here compromising critical infrastructure resilience. There's a lot there. And why not, like, explain a bit of what state-sponsored attackers are doing and the current situation? These are not new, of course, over the years there have been many, but how has those evolved specifically? Because those have a clear incentive of why they want to destabilize infrastructure in Brazil. Yeah, I'll start with this one and talk about maybe the most obvious attacks on critical infrastructure involve the battlefield in Ukraine where, you know, Russian-sponsored actors, you know, target the energy infrastructure, as well as systems that are used for battlefield support. That's probably the most obvious case there where they're trying to turn the lights off and take away the ability to manufacture and deliver weapons in Ukraine. Yeah, I can follow that with, maybe I'll give two examples here. Yeah, to start with Punitoad, another Chinese state-sponsored group, and they really specialize in the kind of exploitation of edge network appliances, particularly for persistent pre-positioning and the long-term espionage. And with a real focus here on maintaining long-term access to organizations across a range of industry verticals, but predominantly focused on the United States. And so we've tracked throughout 2025 and continue to see the evolution of the group, gaining initial access through these edge network devices, and in many cases, employing a malware -varying brick storm to fulfill for long -term persistence. The dwell time here of these actors is significantly longer than we see in other cases. For example, we saw Punitoad maintain persistent access to F5 systems for over a year, exfiltrating source code and documentation and underclosed vulnerabilities to then go on and feed future operations as well. So that's a constantly evolving landscape there. But we also see it on the Iranian front as well. We see particularly some of the Iranians start to blur the lines between kind of traditional cyber espionage and kinetic strikes and military action. And so we've seen some of the IRGC -related threat actors conducting reconnaissance of maritime vessels, shipping vessels, monitoring CCTV footage for battle damage assessment. And we're seeing this activity kind of both in the buildup to kind of kinetic action and then afterwards as well for, like I said, for battle damage assessment. So yeah, we've seen the kind of blurring of the lines between the digital and the kind of physical space. One of the things that actually I think is actually the first case study, the first thing that we have in the report is about more over -sophistication. Can we explain what is that specifically and why is that important? Yeah, absolutely. So I think this is around, you know, measure of effectiveness really mattering more than technical elegance. You know, if you went back a few years, I think there was very much a trend of threat actors coming up with the most elaborate, sophisticated, elegant solution to their operations. And, you know, we saw this with very large scale malware. Today, you know, with the aid of AI, we're pretty much seeing a kind of in favor of industrialized, high volume attacks, reducing the amount of effort they're having to put into to achieve much higher levels actually of success. So whether that's turning around new vulnerabilities into exploits, whether that's weaponizing new capabilities quicker, mass exploitation, gaining access wherever they can. And then, you know, like I said, retrospectively conducting that analysis of, you know, actually what access is valuable. And we touched on it already in terms of how then the actual speed of the operations once they gained access is being increased with AI to actually help navigate those complex environments. And there's even a case study about OpenCode exploit here specifically. OpenCode, it's very much used these days as an AI tool to build things, quite astonishing. But there's possibilities for attackers there as well in terms of this AI, a very specific tool, right? Yeah, I think there's many avenues for exploitation in these environments where people are developing very quickly and learning about the potential risks as they're exploited in real time practically. And the use of tools like OpenCode with agents and MCP and other tools that make them very, very useful, I think we'll continue to see exploitation of MCP services or other things where the sort of supply chain of services that make OpenCode and other tools very useful will be targets for exploitation in the future. For those that are concerned about the things that we're discussing, what are the things they should be aware of in terms of protection, in terms of not letting some of these issues touch them and be problematic for them? What can we say there? I missed the first part of that. I missed the first part of your question there. Oh, sorry. So for those who want to be protected and are a bit scared from the things that we just said, including like OpenCode and things like that, what should they know to be protected? What should be on their minds to be safe from harm? I think there are a wide variety of concerns. And unfortunately, we're still learning about a lot of the potential for exploitation there. And the first approach that I would take, and it's something internally at Cloudflare that we have limitations, what developers and people like Chris and me are allowed to do with AI tools, so that as an individual, I can't just say, I want to try all these different tools out there and expose myself to a much broader range of potential risks. And so maybe limiting the field of risk, I think, is probably the first step. And beyond that, using tools that will evaluate requests to an MCP or any third-party service from an agent, especially those that can work independently. Yeah. And just to touch on a couple of things that I guess we haven't spoken too much about, but we've seen several examples of, I guess, SaaS environments and third-party integrations being used by third actors to gain access to the target environments. The Salesforce breach earlier last year was a key example of this. And so I think really looking at those, I guess, integrations and the missions that go along with that, applying kind of least privilege and looking for those overprivileged tokens, I think is really important as we kind of operate in a more interconnected world. And then I guess, again, we haven't really touched on too much around the DPRK, North Korean IT workers, but really I'm seeing a huge, I guess, shift in the scale of those operations in terms of embedding workers into Western companies, the scale at which they're applying for roles and getting those in Western companies. So again, it's not just the traditional kind of security network edge boundaries, but it's everything through the recruitment process. You know, that human verification during that remote hiring loop is ever increasingly important. That's really interesting. Why not go more there? One of the things that the report definitely mentions as a new trend is the industrialization of insider threats that goes along with what you were saying. And this goes to the realm, I would say, that is a bit more physical world, not only Internet world in terms of attacks, about recruitment. So a different area of a company than usually you see the typical attack, it can be an attack via recruitment because a threat out there, like the North Korean situation you mentioned, goes and tries to go into a company to have access to those, to the internal tools, because someone hired someone that is a bad actor. First, how more frequent is that now that we're seeing? And then what are the main takeaways we can share? You already shared a few, but maybe more specifics there would be interesting. Who wants to go? Chris, you were talking about that. You want to go? Or Ryan? Did you want to jump in? About the IT workers, Chris, then maybe I can pick it up. Yeah, exactly. So, yeah, picking up on the, I guess, the IT workers scheme, they will be using AI -driven deepfakes to bypass video interviews, like I said, applying at industrial scale, full roles. And I guess the ultimate objective is to maintain that illusion of residency in typically Western nations, commonly US-based workers, where they would operate a laptop farm. So you've got a room full of laptops that are logged into the corporate networks of the organizations that they manage to gain roles within. But actually, ultimately, that is providing a proxy through various different remote management tools, VPNs, any desk, all sorts of different solutions there to provide a proxy back to actual kind of North Korean cyber actors. And we're seeing interesting developments in how they pretend to be legitimate users when they're not there with kind of jiggling software and specific kind of video metadata artifacts and so on. And that's increasingly becoming a huge threat to, I would say, a huge swathe of organizations. Yeah. One recent case that we learned about because of a Department of Justice report was a Ukrainian national was recently extradited to the US for running one of these laptop farms in Kyiv, but all the payments were going to US -based bank accounts. And this individual, one of the reasons this is significant is that he ran a website recruiting people for this purpose. People came to the website and sort of the individual orchestrated both ship me your laptops and I'll coordinate the payments to US accounts and then transfer the money back to North Korea. So yeah, there's maybe an increasing level of sophistication and interest from actors outside the US as well and participating and receiving money for these IT worker schemes. It's interesting because remote workers are really frequent since the pandemic and you can see that they're leveraging exactly that. And with AI, deep fakes are also easy. Someone talking with a different face, it's really easy in terms of even voice, it's really easy to change. So if it's virtual, you're not sure that will be real. It's interesting that attackers use that for this purpose. Having like real world conversations will solve that potentially, hopefully at least make that a little bit more tricky. I interview a lot of people, we interview a lot of people for jobs at CloudForce One. And that's the first thing on our mind is like, are we talking to the person that we think we're talking to? And then subtle sort of behavior ticks and things like that. We all discuss it, could this have been some kind of AI generated thing or is somebody else feeding them answers or something like that? Yeah. One other thing that's worth mentioning when it comes to insiders is on the cybercrime front, there's been a series of different ransomware groups that are trying to recruit people inside of companies. I'm sorry to change the subject from AI here, but really kind of a very direct approach to try to recruit people in these large companies to install malware or post exploitation tools that would give criminals access to that large enterprise and they could spread the malware with the help of an inside employee. And there aren't a lot of reports of success about this, but there are many, many reports of people receiving these sort of recruiting offers and some very well-known companies. We already touched a bit on the phishing as a service bots to bypass standard protection, but there was another key takeaway from the report that I find really interesting, which is the token theft is neutralizing multi-factor authentication, which is also an important one in terms of we're always saying multi -factor authentication is really important to be safe, but in this situation, there could be issues there. Can we say about this one specifically? Yeah, two things there. The first one is I would not, you know, hesitate to recommend two-factor authentication or multi-factor authentication. I think what's being exploited here are really the adaptive systems that try to measure, you know, what do I know about Chris's laptop here? Where is he connecting from? And what are the attributes of his web browser? And if those are off a little bit, maybe we'll force them to re-authenticate. And, you know, the dynamics or the sort of decision trees for making these determinations about whether or not to re-authenticate can be quite complex. And in some cases, people have just decided, hey, let's just let these tokens live for a very long time. And if an information stealer like Luma or, you know, before that Redline would steal these tokens from a user's browser, a criminal would be able to use that to sign into somebody's YouTube account, for example, and then pump crypto scams to people on that very popular channels platform. And so that's a really common approach, but it doesn't work all the time, right? We look at crime markets that sell these tokens along with browser fingerprints and the credentials necessary to sign in. And compared to, say, all the computers that are available in a crime market with accounts for common services, there's a much smaller fraction of tokens that are available and they don't live forever, right? Like you're gonna, there'll be a point at where this token expires and if you're buying that, you know, you may have to deal with that many times. So I wouldn't say don't rely on multi-factor authentication. Instead, I would say think about the compromise of these tokens when you design a system that might prompt somebody to authenticate again and when should that happen. Makes sense. Regarding the key takeaways, there's a section also of the report that actually gives very specifics on the attackers, where are they based, what we know about them. That's also really interesting in terms of specifics. People can check that out from the report. But from all of that list of different attackers, we already mentioned Iranians, North Korea. What are the other things that we should highlight by them? Is there like one or two that is more dangerous than the others that we could highlight there? Yeah, so I can jump in there with an example. We see a huge number of human -in-the-loop approach to cyber activity across the range of threat actors. The Iranians particularly and some of the IRGC actors are very prolific for this. And this goes kind of beyond the traditional spear phishing to the point where they are really trying to build a relationship with their victims, build that trust and that understanding, rather than just delivering traditional kind of phishing links out of the blue that maybe aren't very effective. So, you know, being cognizant of who you're talking to. Do you understand that person? Do you trust that person? Because, you know, we're seeing many recruitment, career-themed, job application-themed campaigns now targeting victims in this way. And they're incredibly successful and they're incredibly believable as well. So, you know, being invited to an interview, but using actually kind of a fake Google Meet or Microsoft Teams invitation. Again, we talked about the kind of using cloud services for, you know, an air of legitimacy. So, you know, hosting what are actually malicious payloads on sites, such as kind of OneDrive or OnlyOffice, which ultimately then we're seeing deploy malware, which in turn, again, in terms of that kind of legitimate use of, sorry, malicious use of legitimate cloud infrastructure, we're seeing then that malicious activity call out to places such as GitHub or Azure websites for C2 or Discord channels, all again, blending in with that normal looking traffic, making it harder to detect. So, yeah, I think that's sort of quite an interesting evolution of some of their tactics. I think as far as Russia and more broadly, Cybercrime, for Cloudflare, when we introduce a new researcher to the environment, one of the first things that they'll learn is that not every nation state exploits or abuses Cloudflare's infrastructure, but some of the ones that do seem to really like Cloudflare. And Nasty Shrew, for example, that's mentioned in the report, is one that we spend quite a lot of time studying both internally, also within trust groups and directly with people who are dealing with it in Ukraine. And they can tell us what the effects of these different campaigns are. You know, to contrast that with Cybercrime, when we rug pull all the infrastructure out from under a problem set like LumaCT, they don't really come back to Cloudflare. You know, the free tier of access that Cloudflare offers has become too expensive for them. So they go to other providers, right? And so with the case of Nasty Shrew and some others, we rug pull their infrastructure and they just come right back the next day with new accounts and new kind of approaches and procedures. And so it's been, I would say, relentless in the persistence and something that we spend a great deal of time on and worth spending some time reading in the report. You know, Nasty Shrew specifically and the industry, it's more widely known as Gamma Redden. Makes sense. One of the things, maybe we can do a little game of very short questions. One would be related to actions. If I'm a CISO watching this and seeing the report, what is the one thing I should fix this quarter? I should be aware of from the report specifically. I think, well, first of all, I've never heard anybody say CISO. Chris, how do you say CISO? CISO. CISO. CISO. CISO. Sorry. Portuguese. Portuguese pronunciation. CISO. I'm going to start saying that now and just see what... No. Yeah. Yeah. I would say probably the top thing for enterprises in the US and Europe, specifically North Korean IT workers, I think you really need to get a handle on that, especially if your organization has a large cohort of developers where, you know, that's the most likely path into an enterprise is, you know, open developer jobs or even contractors that deliver services on behalf of a large company like that. Yeah, that would be the first on my list, I think. Chris has to come on now. Yeah, we've touched on it briefly, but I think the most concerning thing from my perspective and that we're seeing more of, and that will affect probably the widest number of organizations are those third -party integrations, whether it's the Salesforce breach that we saw, workday incidents, the Notepad++ supply chain operations, NPM attacks. You know, there's numerous examples kind of every month. And so really looking at what your environment connects to and what permissions you're giving those kind of third-party integrations and how much you are confident in those, in the defenses and security of those organizations and software supply chains that you connect to, I think is for me, probably the biggest concern and probably something we'll more examples of over the coming year. It's interesting that one of the things about AI that we're seeing is, hey, one person can be like a 1 billion company one of these days. Sam Altman said that maybe it will be in recent months, but for attackers, that's also the case. One person, just a few people can actually do an industry as we say in this report, in terms of industrialization, actually creating more processes to attack even more at scale. That's really scary. Even the phishing numbers are really scary in terms of supply chains, habitat, and things like that. Also really interesting to see, scary, but interesting at the same time in a way. Anything we want to add specifically about main takeaways from the report? We haven't done so. Brian? I don't have anything to add to the report, except that Chris and I spent a lot of time and so did a lot of other people trying to decide what's important and coming up with ways to distill that for a very broad audience. I'm really excited about the report and proud of it. And I hope our customers and partners around the world will receive it well. Makes sense. Anything to add, Chris, there? Actually, I have one about identity and infrastructure. What's now the primary target? Is that one or the other? Are we officially in the attack, the session era? In my opinion, they're not mutually exclusive. In cybercrime especially, I see there's specializations and different approaches. One cybercriminal enterprise might have learned something important about identity services that makes them uniquely positioned to succeed as a criminal in that space. Others have spent more time compromising infrastructure, using compute on someone else's dime. Makes sense. Anything you want to add there, Chris? No, I think just one other takeaway as a slight tangent to what we were just discussing was, like Brian said, we look across a number of, a wide range of different threat actors and activity. And importantly, we are well positioned to actually disrupt that as well and not just identify emerging threats, but actually work with partners, whether it be other security vendors or organizations or law enforcement, to actually disrupt these operations and ultimately see if we can give the attackers a harder day than the defenders. We've touched on a few examples there in terms of the cybercrime space, but we've also done in the APT space as well. And I think it's important to work together as a community to understand the breadth of these campaigns and all the different components going to them. But for example, we continue to see the evolution of the kind of Chinese state -sponsored threat actors and their activity and their stealth capabilities through 2025, but actually towards the back end of 2025, we work with partners to disrupt Clumsy Toad, otherwise known as Mustang Panda, and one of the Chinese state-sponsored threat actors there. So we terminated over 20 malicious Cloudflare accounts to over 400 domains, neutralized around 90 different kind of core assets, several C2 domains or proxies or infrastructure being used to deliver payloads, actually making sure that we're not just recognizing and identifying these attacks, but actually doing something to disrupt them. Makes sense. Regarding the call to action perspective, we have, of course, our threat research available online in our website. I'll post the link here for those who want to be interested. Anything that we should highlight about what people can do with some of this information other than seeing the report about threat intelligence, managed defense, cyber response and readiness? Yeah, I think if you have already a security organization, maybe under the CISO at your enterprise that is already collecting based on priorities or collection requirements, then I hope this report will help them maybe decide what investments to make in cybersecurity, what things to anticipate in the coming year. And for a retrospective, looking back on maybe all the data that they have available in the enterprise to see if maybe some of these problems have crossed their boundaries. Yeah. Sorry for the ramble there. Makes sense. Of course. Anything you want to add, Chris, there? No, I think that's a good summary. Okay. I think we're done here. Many things for people to explore in the report, the actual report where there's many more details on the attackers and solutions as well. So thank you, Chris. Thank you, Brian. And that's a wrap. Thanks. Thanks a lot.