Common Information
Type Value
Value Cloud API - T1059.009
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may abuse cloud APIs to execute malicious commands. APIs available in cloud environments provide various functionalities and are a feature-rich method for programmatic access to nearly all aspects of a tenant. These APIs may be utilized through various methods such as command line interpreters (CLIs), in-browser Cloud Shells, [PowerShell](https://attack.mitre.org/techniques/T1059/001) modules like Azure for PowerShell (Citation: Microsoft - Azure PowerShell), or software developer kits (SDKs) available for languages such as [Python](https://attack.mitre.org/techniques/T1059/006). Cloud API functionality may allow for administrative access across all major services in a tenant such as compute, storage, identity and access management (IAM), networking, and security policies. With proper permissions (often via use of credentials such as [Application Access Token](https://attack.mitre.org/techniques/T1550/001) and [Web Session Cookie](https://attack.mitre.org/techniques/T1550/004)), adversaries may abuse cloud APIs to invoke various functions that execute malicious actions. For example, CLI and PowerShell functionality may be accessed through binaries installed on cloud-hosted or on-premises hosts or accessed through a browser-based cloud shell offered by many cloud platforms (such as AWS, Azure, and GCP). These cloud shells are often a packaged unified environment to use CLI and/or scripting modules hosted as a container in the cloud environment.
Details Published Attributes CTI Title
Details Website 2023-10-24 0 Driving API Security Forward: Protecting Vehicle-to-Cloud Communications
Details Website 2023-08-25 195 Russia/Ukraine Update - August 2023
Details Website 2023-08-01 0 Optimize Your Enterprise with Trinzic X6 DDI Appliances | NIOS 9.0.1 | Infoblox
Details Website 2023-06-27 5 Enhancing Security Operations: IBM Security QRadar SOAR and RST Cloud Threat Intelligence
Details Website 2023-06-20 0 Drawing lines in the cloud: A new era for MDR - Red Canary
Details Website 2023-06-06 5 Enhancing Network Security: Integrating Threat Intelligence with Palo Alto NGFW
Details Website 2023-05-30 37 Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)
Details Website 2023-05-29 0 How Apigee can help government agencies adopt Zero Trust Architecture
Details Website 2023-05-22 54 Permiso | Blog | Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor
Details Website 2023-05-17 2 Challenge Accepted: RSA Highlights | Arctic Wolf
Details Website 2023-05-10 0 Why Honeytokens Are the Future of Intrusion Detection - RedPacket Security
Details Website 2023-05-10 0 Why Honeytokens Are the Future of Intrusion Detection
Details Website 2023-05-01 84 Chain Reaction: ROKRAT’s Missing Link - Check Point Research
Details Website 2023-04-20 0 Cloud Agnostic or Devout | Terraform | Brandon Evans | SANS Institute
Details Website 2023-04-20 481 ATT&CK Changes
Details Website 2023-04-03 23 How to monitor Kafka and Confluent Cloud with Elastic Observability
Details Website 2023-03-22 0 CNAPP: Gartner® Market Guide for 2023 - 6 Key Takeaways
Details Website 2022-12-19 595 Blog
Details Website 2022-12-13 0 Know your enemy: A look at 4 common attack paths
Details Website 2022-07-22 5 Cloud Identity API | Google Cloud
Details Website 2022-07-14 12 Abusing Duo Authentication Misconfigurations in Windows & AD
Details Website 2022-04-21 145 TeamTNT targeting AWS, Alibaba
Details Website 2022-03-29 0 Why Organizations Should Take Cloud-Based Cryptocurrency-Mining Attacks Seriously
Details Website 2021-10-18 498 Vulnerability Summary for the Week of October 11, 2021 | CISA