CCC.IAM.TH04: Additional Cloud Credentials Creation
Threat ID:CCC.IAM.TH04
Title:Additional Cloud Credentials Creation
Description:
An adversary with access to a sufficiently privileged cloud account may create additional credentials such as access keys, service accounts and temporary credentials to establish persistance or elevate their privileges.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.IAM.F02 | IAM Users | Ability to create, manage, list and delete IAM users. IAM user represents a single person or application. |
| CCC.IAM.F03 | Long-Term Credentials | Ability to create, manage, list and delete long-term credentials such as access keys and service account keys. |
| CCC.IAM.F04 | Password Management | Ability to create, change and delete IAM user passwords. |
| CCC.IAM.F08 | Federated Identity - SAML | Support for user authentication outside the cloud service provider using SAML. Authenticated federated identities can assume IAM roles. |
| CCC.IAM.F09 | Federated Identity - OIDC | Support for user authentication outside the cloud service provider using OIDC. Authenticated federated identities can assume IAM roles. |
| CCC.IAM.F11 | Resource-Level Access | Ability to restrict where actions are allowed, rather than the entire service. Defines the scope of the assignment. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
MITRE-ATT&CK | T1098.001 | 0 | Account Manipulation: Additional Cloud Credentials |