nerdexam
EC-Council

312-50V13 · Question #263

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise use

The correct answer is A. Cloud hopper attack. Cloud Hopper Attack Explained Why A is Correct: A Cloud Hopper attack specifically targets Managed Service Providers (MSPs) as an entry point to reach their downstream customers. Attackers compromise the MSP's infrastructure, then "hop" from the MSP's privileged access into the t

Submitted by minji_kr· Mar 6, 2026Cloud Computing

Question

Alice, a professional hacker, targeted an organization's cloud services. She infiltrated the targets MSP provider by sending spear-phishing emails and distributed custom-made malware to compromise user accounts and gain remote access to the cloud service. Further, she accessed the target customer profiles with her MSP account, compressed the customer data, and stored them in the MSP. Then, she used this information to launch further attacks on the target organization. Which of the following cloud attacks did Alice perform in the above scenario?

Options

  • ACloud hopper attack
  • BCloud cryptojacking
  • CCloudborne attack
  • DMan-in-the-cloud (MITC) attack

How the community answered

(17 responses)
  • A
    76% (13)
  • B
    6% (1)
  • C
    6% (1)
  • D
    12% (2)

Explanation

Cloud Hopper Attack Explained

Why A is Correct: A Cloud Hopper attack specifically targets Managed Service Providers (MSPs) as an entry point to reach their downstream customers. Attackers compromise the MSP's infrastructure, then "hop" from the MSP's privileged access into the target organization's cloud environment - exactly what Alice did by infiltrating the MSP, stealing customer data, and using it to attack the final target.

Why the Distractors Are Wrong:

  • B (Cloud Cryptojacking): This involves hijacking cloud computing resources to mine cryptocurrency - there's no cryptomining activity in this scenario.
  • C (Cloudborne Attack): This targets vulnerabilities in bare-metal cloud infrastructure/firmware, allowing attackers to persist through server reassignments - not relevant here.
  • D (MITC Attack): This exploits cloud synchronization tokens (like OAuth tokens) to intercept data between users and cloud services - Alice used spear-phishing and MSP access, not token hijacking.

Memory Tip: Think of "Cloud Hopper" as a stepping stone attack - the attacker hops through an MSP (the middleman) to reach the real target, like using a lily pad to cross a pond. If you see MSP + pivot to customer = Cloud Hopper.

Topics

#Cloud Attacks#MSP Security#Supply Chain Attacks

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice