| ID | Name |
|---|---|
| ATAGS-T1086.001 | Cloud Accounts |
| ATAGS-T1086.002 | Default Accounts |
| ATAGS-T1086.003 | Domain Accounts |
| ATAGS-T1086.004 | Local Accounts |
Valid accounts in cloud environments may allow Threat Actors to perform actions to achieve Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Cloud accounts are those created and configured by an organization for use by users, remote support, services, or for administration of resources within a cloud service provider or SaaS application. Cloud Accounts can exist solely in the cloud; alternatively, they may be hybrid-joined between on-premises systems and the cloud through syncing or federation with other identity sources such as Windows Active Directory.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.