MITIGA LABS
Welcome to Mitiga Labs, our research and innovation arm built to expose how modern attackers operate in Cloud and SaaS. We break down real campaigns and publish practical guidance tohelp security teams stop cloud attacks from having impact. Our research powers the Zero-Impact Breach Mitigation approach at the core of the Mitiga platform.
MITIGA LABS TEAM
A guide for defenders facing the realities of cloud-first attacks.We highlight where prevention fails and how Zero-Impact Breach Mitigation changes the outcome.
The Next Breach Path
A Threat Intelligence Brief from Mitiga Labs
Mitiga Labs is where we tear into the latest Cloud, SaaS, AI, and Identity attacks. Our researchers decode how adversaries operate and turn that knowledge into defense strategies that stop cloud attacks from having impact. Every discovery fuels Mitiga’s Zero-Impact Breach Mitigation.
Explore the latest discoveries, deep dives, and technical how-tos from the Mitiga Labs team. Our research is dedicated to informing defenders and disrupting attackers.
CORSLeak: Abusing IAP for Stealthy Data Exfiltration
When people talk about “highly restricted” cloud environments, they usually mean environments with no public IPs, no outbound internet, and strict VPC Service Controls locking everything down.
RESEARCHERS
Ariel KalmanFrom Rogue OAuth App to Cloud Infrastructure Takeover
In a recent incident response investigation, Mitiga uncovered a chilling attack that started with a single compromised email inbox and spiraled into a full-blown takeover of an organization's cloud infrastructure.
RESEARCHERS
Ucha GobejishviliHow Threat Actors Used Salesforce Data Loader for Covert API Exfiltration
In the course of just one week, multiple organizations have gone public regarding a breach in their SaaS CRM application.
RESEARCHERS
Nir VaronGod-Mode in the Shadows: When Security Tools Become Cloud Risks
By the time the alarms go off, it’s often too late. A trusted third-party security tool, one that promised to protect your cloud and SaaS environments, has been operating with unchecked ‘god-mode’ privileges.
RESEARCHERS
Hackers in Aisle 5: What DragonForce Taught Us About Zero Trust
A major social engineering campaign by DragonForce hit UK retailers leading to ransomware deployment and data exfiltration. Mitiga Labs examines the attack and highlights where Zero Trust could have stopped it.
RESEARCHERS
Jed MorleyPrincipal Incident Responder
Senior Security Researcher
Head of Cloud Security Research
Senior Incident Responder
Principal Cloud Security Researcher
Senior Cloud TDIR
Senior Incident Responder
Security analyst
Senior Director | Mitiga Research
The next critical capability for Mitiga's Al-native CDR platform is here.
Explore our solution that empowers and automates SecOps, protects AI infrastructure, and defends against AI-sclaed attacks.
