Threat Actors may patch, modify, or otherwise backdoor cloud authentication processes that are tied to on-premises user identities in order to bypass typical authentication mechanisms, access credentials, and enable persistent access to accounts.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.