T1567.002 Exfiltration to Cloud Storage Mappings

Adversaries may exfiltrate data to a cloud storage service rather than over their primary command and control channel. Cloud storage services allow data to be stored, edited, and retrieved from a remote cloud storage server over the Internet.

Examples of cloud storage services include Dropbox and Google Docs. Exfiltration to these cloud storage services can provide a significant amount of cover to the adversary if hosts within the network are already communicating with the service.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-20 | Use of External Systems | Protects | T1567.002 | Exfiltration to Cloud Storage |
| AC-4 | Information Flow Enforcement | Protects | T1567.002 | Exfiltration to Cloud Storage |
| SC-7 | Boundary Protection | Protects | T1567.002 | Exfiltration to Cloud Storage |
| azure_sentinel | Azure Sentinel | technique_scores | T1567.002 | Exfiltration to Cloud Storage |
| cloud_app_security_policies | Cloud App Security Policies | technique_scores | T1567.002 | Exfiltration to Cloud Storage |
| cloud_app_security_policies | Cloud App Security Policies | technique_scores | T1567.002 | Exfiltration to Cloud Storage |