| ID | Name |
|---|---|
| ATAGS-T1101.001 | Create Cloud Instance |
| ATAGS-T1101.002 | Create Snapshot |
| ATAGS-T1101.003 | Delete Cloud Instance |
| ATAGS-T1101.004 | Modify Cloud Compute Configurations |
| ATAGS-T1101.005 | Revert Cloud Instance |
Threat Actors may modify settings that directly affect the size, locations, and resources available to cloud compute infrastructure in order to evade defenses. These settings may include service quotas, subscription associations, tenant-wide policies, or other configurations that impact available compute. Such modifications may allow Threat Actors to abuse the victim’s compute resources to achieve their goals, potentially without affecting the execution of running instances and/or revealing their activities to the victim.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.