Monday 06 July 2026 13:39:23 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Identity-led intrusion

An attack that starts with a stolen or abused account and uses that trust to reach data.

An identity-led intrusion is an attack that begins with a stolen, phished, or abused account and then uses that valid access to reach systems or data. Instead of breaking through a firewall first, the intruder logs in as a trusted user and moves through normal business tools, cloud apps, or internal portals. Because the activity can look like legitimate work, this type of intrusion is often harder to spot than malware-driven compromise.

This matters in cyber security because identity is now a primary control plane. If an attacker captures one employee or service account, they may inherit access to emails, file shares, admin consoles, or customer records. Defenses focus on phishing-resistant multi-factor authentication, least-privilege permissions, conditional access, and logging that detects unusual sign-ins, downloads, or exports. In real attacks, the damage often comes from what the account is allowed to see, not from how widely the attacker spreads.

← WIKICROOK index