Threat actors may purchase and configure serverless cloud infrastructure, such as Cloudflare Workers, AWS Lambda functions, or Google Apps Scripts, that can be used during targeting. By utilizing serverless infrastructure, Threat actors can make it more difficult to attribute infrastructure used during operations back to them.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.