T1078.004 Cloud Accounts Mappings

Valid accounts in cloud environments may allow adversaries to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Cloud accounts are those created and configured by an organization for use by users, remote support, services, or for administration of resources within a cloud service provider or SaaS application. Cloud Accounts can exist solely in the cloud or be hybrid joined between on-premises systems and the cloud through federation with other identity sources such as Windows Active Directory. (Citation: AWS Identity Federation)(Citation: Google Federating GC)(Citation: Microsoft Deploying AD Federation)

Service or user accounts may be targeted by adversaries through Brute Force, Phishing, or various other means to gain access to the environment. Federated accounts may be a pathway for the adversary to affect both on-premises systems and cloud environments.

An adversary may create long-lasting Additional Cloud Credentials on a compromised cloud account to maintain persistence in the environment. Such credentials may also be used to bypass security controls such as multi-factor authentication.

Cloud accounts may also be able to assume Temporary Elevated Cloud Access or other privileges through various means within the environment. Misconfigurations in role assignments or role assumption policies may allow an adversary to use these mechanisms to leverage permissions outside the intended scope of the account. Such over-privileged accounts may be used to harvest sensitive data from online storage accounts and databases through Cloud API or other methods.

Mappings

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name
SC-43 | Usage Restrictions | Protects | T1078.004 | Cloud Accounts
CM-07 | Least Functionality | Protects | T1078.004 | Cloud Accounts
AC-02 | Account Management | Protects | T1078.004 | Cloud Accounts
AC-20 | Use of External Systems | Protects | T1078.004 | Cloud Accounts
AC-03 | Access Enforcement | Protects | T1078.004 | Cloud Accounts
AC-05 | Separation of Duties | Protects | T1078.004 | Cloud Accounts
AC-06 | Least Privilege | Protects | T1078.004 | Cloud Accounts
AC-07 | Unsuccessful Logon Attempts | Protects | T1078.004 | Cloud Accounts
CA-07 | Continuous Monitoring | Protects | T1078.004 | Cloud Accounts
CM-05 | Access Restrictions for Change | Protects | T1078.004 | Cloud Accounts
CM-06 | Configuration Settings | Protects | T1078.004 | Cloud Accounts
IA-12 | Identity Proofing | Protects | T1078.004 | Cloud Accounts
IA-02 | Identification and Authentication (organizational Users) | Protects | T1078.004 | Cloud Accounts
IA-05 | Authenticator Management | Protects | T1078.004 | Cloud Accounts
SA-10 | Developer Configuration Management | Protects | T1078.004 | Cloud Accounts
SA-11 | Developer Testing and Evaluation | Protects | T1078.004 | Cloud Accounts
SA-15 | Development Process, Standards, and Tools | Protects | T1078.004 | Cloud Accounts
SA-17 | Developer Security and Privacy Architecture and Design | Protects | T1078.004 | Cloud Accounts
SA-03 | System Development Life Cycle | Protects | T1078.004 | Cloud Accounts
SA-04 | Acquisition Process | Protects | T1078.004 | Cloud Accounts
SA-08 | Security and Privacy Engineering Principles | Protects | T1078.004 | Cloud Accounts
SC-28 | Protection of Information at Rest | Protects | T1078.004 | Cloud Accounts
SI-04 | System Monitoring | Protects | T1078.004 | Cloud Accounts
PUR-AS-E5 | Audit Solutions | Technique Scores | T1078.004 | Cloud Accounts
ME-RBAC-E3 | Role Based Access Control | Technique Scores | T1078.004 | Cloud Accounts
ME-PWA-E3 | Passwordless Authentication | Technique Scores | T1078.004 | Cloud Accounts
ME-PIM-E5 | Privileged Identity Management | Technique Scores | T1078.004 | Cloud Accounts
ME-MFA-E3 | Multi-factor Authentication | Technique Scores | T1078.004 | Cloud Accounts
DEF-SecScore-E3 | Secure Score | Technique Scores | T1078.004 | Cloud Accounts
DEF-LM-E5 | Lateral Movements | Technique Scores | T1078.004 | Cloud Accounts
DO365-AG-E5 | App Governance | Technique Scores | T1078.004 | Cloud Accounts
DEF-AIR-E5 | Automated Investigation and Response | Technique Scores | T1078.004 | Cloud Accounts
DO365-ATH-E5 | Advanced Threat Hunting | Technique Scores | T1078.004 | Cloud Accounts