Threat actors are increasingly targeting Kubernetes environments by exploiting vulnerabilities like React2Shell and misconfigurations to steal service account tokens. These stolen identities are then used to escalate privileges and move laterally into backend cloud infrastructure, leading to severe impacts such as cryptocurrency theft.