The Five Eyes intelligence alliance (FVEY) has warned that hackers from the Russian Foreign Intelligence Service (SVR), known as APT29, are now targeting cloud services. After breaching U.S. federal agencies and Microsoft 365 accounts in NATO nations, they are now compromising cloud infrastructures using stolen service credentials and access tokens, as well as exploiting residential routers and MFA fatigue. Defenses against these initial access methods, such as enabling MFA and monitoring for indicators of compromise, are recommended.