An active-active cluster does nothing if the cloud provider goes down. One of the main features of multi-cloud is redundancy. https://www.cloudflare.com/learning/cloud/what-is-multicloud/

Platform configuration register (PCR) hash: A PCR hash is versatile memory that stores data hashes for the sealing function. Sealing, on the other hand, "seals" the system state to a particular hardware and software configuration.

Explanation
XSS stands for cross-site scripting, which is a type of attack that injects malicious code into a web page that is then executed by the browser of a victim. The URL in the question contains a script tag that tries to execute a JavaScript code from an external source, which is a sign of XSS. Verified References:
https://www.comptia.org/training/books/casp-cas-004-study-guide ,
https://owasp.org/www-community/attacks/xss/

Competitor is not an "threat actor". Based on the information provided, it seems that the most likely threat actor involved is an APT/nation-state. This is based on the fact that the security analyst's investigative report describes lateral movement across the network from various IP addresses originating from a foreign adversary country, which typically indicates a more advanced and sophisticated type of threat actor.
A competitor is also a possibility, but given the other indicators (website defacement, calls from the company president about the damage to the brand) and the fact that the security analyst's report specifically mentions a foreign adversary country, it seems more likely that an APT/nation- state is the primary threat actor in this scenario.