Create Account: Cloud Account


Adversaries may create a cloud account to maintain access to victim systems. With a sufficient level of access, such accounts may be used to establish secondary credentialed access that does not require persistent remote access tools to be deployed on the system

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable.csCloudRead-onlyHTTPSList of IAM Policy

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Persistence

Technique: Create Account

Sub-Technique: Cloud Account

Platform: AWS

Products Required: Tenable.cs

Tenable Release Date: 2022 Q4