Threat actors may leverage information repositories to mine valuable information. Information repositories are tools that allow for storage of information, typically to facilitate collaboration or information sharing between users, and can store a wide variety of data that may aid Threat actors in further objectives, such as Credential Access, Lateral Movement, or Defense Evasion, or direct access to the target information. Threat actors may also abuse external sharing features to share sensitive documents with recipients outside of the organization (i.e., Transfer Data to Cloud Account).
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.