Cloud Accounts

Cloud accounts represent a significant attack vector within the "Gain Access" phase, in which adversaries leverage compromised or created credentials to access cloud environments and their resources. This sub-technique of "Valid Accounts" takes one of three forms: compromising existing credentials through methods like phishing, credential stuffing, or password spraying; creating accounts through social engineering or exploitation of misconfigured cloud services; or maintaining persistence through service accounts with elevated privileges. Once obtained, these legitimate credentials allow adversaries to bypass traditional security controls, operate under the guise of authorized users, access sensitive data across multiple cloud services (IaaS, PaaS, SaaS), and potentially move laterally within the cloud infrastructure. The impact is particularly severe because cloud accounts often hold extensive permissions and cross-service access, especially in environments with inadequate permission boundaries or monitoring capabilities.