1. Home
  2. ATT&CK Techniques
  3. T1213.003 Code Repositories

T1213.003 Code Repositories Mappings

Adversaries may leverage code repositories to collect valuable information. Code repositories are tools/services that store source code and automate software builds. They may be hosted internally or privately on third party sites such as Github, GitLab, SourceForge, and BitBucket. Users typically interact with code repositories through a web application or command-line utilities such as git.

Once adversaries gain access to a victim network or a private code repository, they may collect sensitive information such as proprietary source code or Unsecured Credentials contained within software's source code. Having access to software's source code may allow adversaries to develop Exploits, while credentials may provide access to additional resources using Valid Accounts.(Citation: Wired Uber Breach)(Citation: Krebs Adobe)

Note: This is distinct from Code Repositories, which focuses on conducting Reconnaissance via public code repositories.

View in MITRE ATT&CK®

NIST 800-53 Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CA-07 Continuous Monitoring mitigates T1213.003 Code Repositories
IA-09 Service Identification and Authentication mitigates T1213.003 Code Repositories
SA-10 Developer Configuration Management mitigates T1213.003 Code Repositories
SA-15 Development Process, Standards, and Tools mitigates T1213.003 Code Repositories
SA-03 System Development Life Cycle mitigates T1213.003 Code Repositories
SI-02 Flaw Remediation mitigates T1213.003 Code Repositories
RA-05 Vulnerability Monitoring and Scanning mitigates T1213.003 Code Repositories
SA-11 Developer Testing and Evaluation mitigates T1213.003 Code Repositories
SA-08 Security and Privacy Engineering Principles mitigates T1213.003 Code Repositories
IA-02 Identification and Authentication (Organizational Users) mitigates T1213.003 Code Repositories
AC-02 Account Management mitigates T1213.003 Code Repositories
AC-03 Access Enforcement mitigates T1213.003 Code Repositories
AC-05 Separation of Duties mitigates T1213.003 Code Repositories
AC-06 Least Privilege mitigates T1213.003 Code Repositories

VERIS Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
attribute.confidentiality.data_disclosure None related-to T1213.003 Code Repositories

GCP Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
cloud_identity Cloud Identity technique_scores T1213.003 Code Repositories
Comments
MFA and enforcing the principal of least privilege can be used to control adversaries and possibly hinder them from gaining access to a victim network or a private code repository.
References
  1. ['https://cloud.google.com/identity']
security_command_center Security Command Center technique_scores T1213.003 Code Repositories
Comments
Using Web Security Scanner, SCC is able to detect repositories (e.g., Git or SVN) that are exposed to the public. Adversaries may use this lapse in security configuration to collect information about the target. Because of the near-real time temporal factor to detect against this cyber-attack this was graded as significant.
References
  1. ['https://cloud.google.com/security-command-center/docs/concepts-security-command-center-overview'
  2. 'https://github.com/GoogleCloudPlatform/security-analytics']