CCC.IAM.TH05: Additional IAM Roles Creation
Threat ID:CCC.IAM.TH05
Title:Additional IAM Roles Creation
Description:
An adversary with access to a sufficiently privileged cloud account may create additional IAM roles to establish persistance or elevate their privileges.
Related Capabilities
| ID | Title | Description |
|---|---|---|
| CCC.IAM.F06 | IAM Roles / Service Principals | Ability to create, manage, list and delete IAM roles. IAM role is an identity for applications or services to access resources. |
| CCC.IAM.F10 | Custom Roles | Ability to create, manage, list and delete custom roles. Custom roles are user-defined roles that defines what actions are allowed. |
| CCC.IAM.F15 | Role Assumption / Delegation | Ability to temporarily assume another role or delegate access. Commonly used for user impersonation or temporary privilege elevation. |
External Mappings
| Reference ID | Entry ID | Strength | Remarks |
|---|---|---|---|
MITRE-ATT&CK | T1098.003 | 0 | Account Manipulation: Additional Cloud Roles |