1. Home
  2. ATT&CK Techniques
  3. T1136.003 Cloud Account

T1136.003 Cloud Account Mappings

Adversaries may create a cloud account to maintain access to victim systems. With a sufficient level of access, such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system.(Citation: Microsoft O365 Admin Roles)(Citation: Microsoft Support O365 Add Another Admin, October 2019)(Citation: AWS Create IAM User)(Citation: GCP Create Cloud Identity Users)(Citation: Microsoft Azure AD Users)

Adversaries may create accounts that only have access to specific cloud services, which can reduce the chance of detection.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-2 Account Management Protects T1136.003 Cloud Account
AC-20 Use of External Systems Protects T1136.003 Cloud Account
AC-3 Access Enforcement Protects T1136.003 Cloud Account
AC-4 Information Flow Enforcement Protects T1136.003 Cloud Account
AC-5 Separation of Duties Protects T1136.003 Cloud Account
AC-6 Least Privilege Protects T1136.003 Cloud Account
CM-5 Access Restrictions for Change Protects T1136.003 Cloud Account
CM-6 Configuration Settings Protects T1136.003 Cloud Account
CM-7 Least Functionality Protects T1136.003 Cloud Account
IA-2 Identification and Authentication (organizational Users) Protects T1136.003 Cloud Account
IA-5 Authenticator Management Protects T1136.003 Cloud Account
SC-46 Cross Domain Policy Enforcement Protects T1136.003 Cloud Account
SC-7 Boundary Protection Protects T1136.003 Cloud Account
SI-4 System Monitoring Protects T1136.003 Cloud Account
SI-7 Software, Firmware, and Information Integrity Protects T1136.003 Cloud Account
attribute.integrity.variety.Created account Created new user account related-to T1136.003 Create Account: Cloud Account
aws_config AWS Config technique_scores T1136.003 Cloud Account