Threat Actors may gather credentials via APIs within a containers environment. APIs in these environments, such as the Docker API and Kubernetes APIs, allow a user to remotely manage their container resources and cluster components.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.