Google Cloud Platform is named as a targeted platform in the reported APT41 credential harvesting campaign, with typosquatted domains mimicking googleapis.com used to obscure C2 traffic. As with other cloud platforms in this campaign, the report is sourced from secondary threat intelligence without confirmed primary corroboration. Recommended detection actions include querying Cloud DNS for lookalike domain lookups, reviewing Cloud Audit Logs for anomalous service account key creation events and storage.objects.list calls from service accounts with no prior storage access history, and monitoring the GCP Security Bulletins and CISA advisories for authoritative confirmation.
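The three detection actions above can be prototyped offline before they are turned into log queries. The sketch below is an added example, not code from the report or from Google: it flags DNS names with a label close to "googleapis" outside the trusted domain, lists every service account key creation for review, and reports service accounts that call storage.objects.list without earlier storage activity. The helper names, the edit-distance threshold of 2, the trusted-domain set and all sample entries are assumptions constructed for illustration.

```python
TRUSTED = {"googleapis.com"}  # assumption: extend with other domains you trust
KEY_CREATE = "google.iam.admin.v1.CreateServiceAccountKey"

def edit_distance(a, b):  # Levenshtein distance using a rolling row
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(qname, max_dist=2):
    """True if a label resembles 'googleapis' outside a trusted domain."""
    labels = qname.rstrip(".").lower().split(".")
    if ".".join(labels[-2:]) in TRUSTED:
        return False
    return any(edit_distance(l, "googleapis") <= max_dist for l in labels)

def _fields(e):
    p = e.get("protoPayload", {})
    who = p.get("authenticationInfo", {}).get("principalEmail", "")
    return p.get("serviceName", ""), p.get("methodName", ""), who

def storage_baseline(history):
    """Principals with any Cloud Storage call in the lookback window."""
    return {w for s, _, w in map(_fields, history) if s == "storage.googleapis.com"}

def triage(recent, baseline):
    """(reason, principal) pairs: key creations, first-time storage listing."""
    hits = []
    for _, method, who in map(_fields, recent):
        if method == KEY_CREATE:
            hits.append(("sa_key_created", who))  # review queue, not a verdict
        elif (method == "storage.objects.list"
              and who.endswith("gserviceaccount.com") and who not in baseline):
            hits.append(("first_storage_list", who))
    return hits

def entry(svc, method, who):  # builds a constructed (sample) audit log entry
    return {"protoPayload": {"serviceName": svc, "methodName": method,
                             "authenticationInfo": {"principalEmail": who}}}

# Constructed sample data, not real logs or indicators.
ETL, CI = "etl@proj.iam.gserviceaccount.com", "ci@proj.iam.gserviceaccount.com"
HISTORY = [entry("storage.googleapis.com", "storage.objects.get", ETL)]
RECENT = [entry("storage.googleapis.com", "storage.objects.list", ETL),
          entry("storage.googleapis.com", "storage.objects.list", CI),
          entry("iam.googleapis.com", KEY_CREATE, "dev@example.com")]
DNS = ["storage.googleapis.com.", "storage.g00gleapis.com.", "googleapis.com.cdn-example.net."]
```

storage.objects.list is written to Data Access audit logs, which are not enabled by default for Cloud Storage, so confirm they are on before relying on the first-time listing signal.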