Understanding Cloud Persistence

Understanding Cloud Persistence: How Attackers Maintain Access Using Google Cloud Functions
whiteknightlabs.com/2025/11/1…

In today’s cloud-driven world, security is not only about preventing entry. It is about ensuring that once a threat is discovered, it cannot silently return.
In Google Cloud Platform (GCP), attackers who gain access may attempt to persist by misusing legitimate services such as Cloud Functions and service accounts. These tools, designed to automate and simplify cloud operations, can be manipulated to redeploy hidden functions, recreate deleted identities, or automatically restore permissions — effectively allowing attackers to maintain continuous access even after initial detection.

Edward Kiledjian @ekiledjian
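
From the defender's side, the three behaviours named in the summary above (redeployed functions, recreated identities, restored permissions) each leave Cloud Audit Log entries that can be triaged together. The following is an added example, not code from the post or the linked article: the log entries are constructed, the project, account and function names are hypothetical, and it assumes `resourceName` identifies the service account in both the delete and the create event.

```python
# Added example: constructed entries in a simplified Cloud Audit Logs shape.
def _entry(ts, method, resource, actor):
    return {"timestamp": ts, "protoPayload": {
        "methodName": method, "resourceName": resource,
        "authenticationInfo": {"principalEmail": actor}}}

SA = "projects/demo/serviceAccounts/ops@demo.iam.gserviceaccount.com"  # hypothetical
FN_IDENTITY = "demo@appspot.gserviceaccount.com"                       # hypothetical
FN = "projects/demo/locations/us-central1/functions/sync"              # hypothetical
SAMPLE = [
    _entry("2025-01-01T10:00:00Z", "google.iam.admin.v1.DeleteServiceAccount", SA, "admin@example.com"),
    _entry("2025-01-01T10:05:00Z", "google.iam.admin.v1.CreateServiceAccount", SA, FN_IDENTITY),
    _entry("2025-01-01T10:06:00Z", "SetIamPolicy", "projects/demo", FN_IDENTITY),
    _entry("2025-01-01T09:00:00Z", "google.cloud.functions.v1.CloudFunctionsService.UpdateFunction", FN, "dev@example.com"),
    _entry("2025-01-01T10:30:00Z", "google.cloud.functions.v1.CloudFunctionsService.GetFunction", FN, "dev@example.com"),
]

# Last segment of methodName -> why the call matters for persistence triage.
WATCHED = {
    "CreateFunction": "function deployed",
    "UpdateFunction": "function redeployed",
    "CreateServiceAccount": "identity created",
    "CreateServiceAccountKey": "key created",
    "SetIamPolicy": "permissions changed",
}

def find_persistence(entries):
    """Return (timestamp, actor, resource, tags) for calls worth reviewing."""
    findings, deleted = [], set()
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for e in sorted(entries, key=lambda e: e["timestamp"]):
        p = e["protoPayload"]
        action = p["methodName"].rsplit(".", 1)[-1]
        resource = p.get("resourceName", "")
        actor = p.get("authenticationInfo", {}).get("principalEmail", "")
        if action == "DeleteServiceAccount":
            deleted.add(resource)          # remember cleanup so a re-create stands out
            continue
        if action not in WATCHED:
            continue
        tags = [WATCHED[action]]
        if actor.endswith(".gserviceaccount.com"):
            tags.append("performed by a service account")   # automation, not a person
        if action == "CreateServiceAccount" and resource in deleted:
            tags.append("recreates a deleted identity")
        findings.append((e["timestamp"], actor, resource, tags))
    return findings
```
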