Certified Ethical Hacker (CEH v11) — Question 191

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the target's MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her
MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization.
Which of the following cloud attacks did Alice perform in the above scenario?

Answer options

• A. Cloud cryptojacking
• B. Man-in-the-cloud (MITC) attack
• C. Cloud hopper attack
• D. Cloudborne attack

Correct answer: C

Explanation

Alice executed a Cloud hopper attack, which involves compromising a managed service provider (MSP) to access client data for further exploitation. The other options are not applicable; Cloud cryptojacking focuses on using cloud resources for cryptocurrency mining, Man-in-the-cloud (MITC) attack involves intercepting cloud-based sessions, and Cloudborne attacks refer to threats originating from cloud services rather than exploiting them.