ACCORDING to SentinelOne’s Annual Threat Report for 2026, cyber attackers have become so prolific at abusing legitimate enterprise accounts and identity systems that it has become a “mass-marketed impersonation crisis.” The report warns that an adversary using valid credentials can blend in as a regular employee, bypassing many traditional protections and remaining invisible until harmful actions occur.
Published on 24 March 2026, it notes a shift by threat actors towards identity-based attacks at industrial scale, including compromising high‑level accounts to grant access to other accounts of interest. SentinelOne tracked over 1,000 job applications and roughly 360 fake personas linked to North Korean operations that attempted to secure remote work at Western tech firms.
The institute emphasises that post‑authentication behavioural monitoring is key to countering these threats, rather than relying solely on login validation. The article also highlights campaigns based on fake personas used for remote recruitment, with real insider access once employed, underscoring the evolving insider‑threat landscape.