T1567.002 Exfiltration to Cloud Storage Mappings

Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel. Cloud storage services allow for the storage, edit, and retrieval of data from a remote cloud storage server over the Internet.

Examples of cloud storage services include Dropbox and Google Docs. Exfiltration to these cloud storage services can provide a significant amount of cover to the adversary if hosts within the network are already communicating with the service.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-20 Use of External Systems Protects T1567.002 Exfiltration to Cloud Storage
AC-04 Information Flow Enforcement Protects T1567.002 Exfiltration to Cloud Storage
SC-07 Boundary Protection Protects T1567.002 Exfiltration to Cloud Storage
DEF-SecScore-E3 Secure Score Technique Scores T1567.002 Exfiltration to Cloud Storage