Common Information
| Type | Value |
|---|---|
| Value |
Cloud Accounts - T1586.003 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may compromise cloud accounts that can be used during targeting. Adversaries can use compromised cloud accounts to further their operations, including leveraging cloud storage services such as Dropbox, Microsoft OneDrive, or AWS S3 buckets for [Exfiltration to Cloud Storage](https://attack.mitre.org/techniques/T1567/002) or to [Upload Tool](https://attack.mitre.org/techniques/T1608/002)s. Cloud accounts can also be used in the acquisition of infrastructure, such as [Virtual Private Server](https://attack.mitre.org/techniques/T1583/003)s or [Serverless](https://attack.mitre.org/techniques/T1583/007) infrastructure. Compromising cloud accounts may allow adversaries to develop sophisticated capabilities without managing their own servers.(Citation: Awake Security C2 Cloud) A variety of methods exist for compromising cloud accounts, such as gathering credentials via [Phishing for Information](https://attack.mitre.org/techniques/T1598), purchasing credentials from third-party sites, conducting [Password Spraying](https://attack.mitre.org/techniques/T1110/003) attacks, or attempting to [Steal Application Access Token](https://attack.mitre.org/techniques/T1528)s.(Citation: MSTIC Nobelium Oct 2021) Prior to compromising cloud accounts, adversaries may conduct Reconnaissance to inform decisions about which accounts to compromise to further their operation. In some cases, adversaries may target privileged service provider accounts with the intent of leveraging a [Trusted Relationship](https://attack.mitre.org/techniques/T1199) between service providers and their customers.(Citation: MSTIC Nobelium Oct 2021) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2018-04-24 | 11 | Get NIST 800-53 Ready with Dome9! - Check Point Software | ||
| Details | Website | 2018-03-21 | 0 | Preventing crypto-mining attacks: four key steps that’ll keep you safe - Check Point Software | ||
| Details | Website | 2018-02-23 | 3 | NEW: Vulnerability and Assessment Scanning for Your AWS Cloud Databases | Imperva | ||
| Details | Website | 2018-02-21 | 0 | Enterprise Cloud Access Apps: The Invisible Trojan Backdoor | ||
| Details | Website | 2017-09-21 | 0 | It’s All Fun and Games…Until Your "Smart" Home Gets Hacked | Radware Blog | ||
| Details | Website | 2017-04-21 | 1 | How Bitmovin is Doing Multi-Stage Canary Deployments with Kubernetes in the Cloud and On-Prem | ||
| Details | Website | 2014-11-13 | 0 | AWS Authentication Security: Securing Keys to the Cloud | ||
| Details | Website | 2014-08-15 | 1 | Hiding A Bitcoin Mining Botnet In The Cloud - Darknet - Hacking Tools, Hacker News & Cyber Security |