Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel. Cloud storage services allow for the storage, edit, and retrieval of data from a remote cloud storage server over the Internet.
Examples of cloud storage services include Dropbox and Google Docs. Exfiltration to these cloud storage services can provide a significant amount of cover to the adversary if hosts within the network are already communicating with the service.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-20 | Use of External Systems | Protects | T1567.002 | Exfiltration to Cloud Storage |
| AC-4 | Information Flow Enforcement | Protects | T1567.002 | Exfiltration to Cloud Storage |
| SC-7 | Boundary Protection | Protects | T1567.002 | Exfiltration to Cloud Storage |
| azure_sentinel | Azure Sentinel | technique_scores | T1567.002 | Exfiltration to Cloud Storage |
| cloud_app_security_policies | Cloud App Security Policies | technique_scores | T1567.002 | Exfiltration to Cloud Storage |
| cloud_app_security_policies | Cloud App Security Policies | technique_scores | T1567.002 | Exfiltration to Cloud Storage |