| ID | Name |
|---|---|
| ATAGS-T1080.001 | Additional Cloud Credentials |
| ATAGS-T1080.002 | Additional Cloud Roles |
| ATAGS-T1080.003 | Additional Container Cluster Roles |
| ATAGS-T1080.004 | Additional Email Delegate Permissions |
| ATAGS-T1080.005 | Additional Local or Domain Groups |
| ATAGS-T1080.006 | Device Registration |
| ATAGS-T1080.007 | SSH Authorized Keys |
Threat Actors may add additional roles or permissions to Threat Actors-controlled user or service account to maintain persistent access to a container orchestration system. For example, Threat Actors with sufficient permissions may create a RoleBinding or a ClusterRoleBinding to bind a Role or ClusterRole to a Kubernetes account. Where attribute-based access control (ABAC) is in use, Threat Actors with sufficient permissions may modify a Kubernetes ABAC policy to give the target account additional permissions.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.