Home
ATT&CK Techniques
T1136.003 Cloud Account

T1136.003 Cloud Account Mappings

Adversaries may create a cloud account to maintain access to victim systems. With a sufficient level of access, such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system.(Citation: Microsoft O365 Admin Roles)(Citation: Microsoft Support O365 Add Another Admin, October 2019)(Citation: AWS Create IAM User)(Citation: GCP Create Cloud Identity Users)(Citation: Microsoft Azure AD Users)

Adversaries may create accounts that only have access to specific cloud services, which can reduce the chance of detection.

View in MITRE ATT&CK®

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name
AC-2	Account Management	Protects	T1136.003	Cloud Account
AC-20	Use of External Systems	Protects	T1136.003	Cloud Account
AC-3	Access Enforcement	Protects	T1136.003	Cloud Account
AC-4	Information Flow Enforcement	Protects	T1136.003	Cloud Account
AC-5	Separation of Duties	Protects	T1136.003	Cloud Account
AC-6	Least Privilege	Protects	T1136.003	Cloud Account
CM-5	Access Restrictions for Change	Protects	T1136.003	Cloud Account
CM-6	Configuration Settings	Protects	T1136.003	Cloud Account
CM-7	Least Functionality	Protects	T1136.003	Cloud Account
IA-2	Identification and Authentication (organizational Users)	Protects	T1136.003	Cloud Account
IA-5	Authenticator Management	Protects	T1136.003	Cloud Account
SC-46	Cross Domain Policy Enforcement	Protects	T1136.003	Cloud Account
SC-7	Boundary Protection	Protects	T1136.003	Cloud Account
SI-4	System Monitoring	Protects	T1136.003	Cloud Account
SI-7	Software, Firmware, and Information Integrity	Protects	T1136.003	Cloud Account
azure_sentinel	Azure Sentinel	technique_scores	T1136.003	Cloud Account
role_based_access_control	Role Based Access Control	technique_scores	T1136.003	Cloud Account
azure_ad_privileged_identity_management	Azure AD Privileged Identity Management	technique_scores	T1136.003	Cloud Account