Data from Cloud Storage (T1530)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Data from Cloud Storage

Associated Tactics

  • Collection

Collection (TA0009)

The adversary is trying to gather data of interest to their goal. Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to either steal (exfiltrate) the data or to use the data to gain more information about the target environment. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.

View on ATT&CK

Procedure Examples

Description Source(s)
Amazon. (2019, May 17). How can I secure the files in my Amazon S3 bucket?. Retrieved October 4, 2019. Amazon S3 Security, 2019
Amlekar, M., Brooks, C., Claman, L., et. al.. (2019, March 20). Azure Storage security guide. Retrieved October 4, 2019. Microsoft Azure Storage Security, 2019
Barrett, B.. (2019, July 11). Hack Brief: A Card-Skimming Hacker Group Hit 17K Domains—and Counting. Retrieved October 4, 2019. Wired Magecart S3 Buckets, 2019
Google. (2019, September 16). Best practices for Cloud Storage. Retrieved October 4, 2019. Google Cloud Storage Best Practices, 2019
HIPAA Journal. (2017, October 11). 47GB of Medical Records and Test Results Found in Unsecured Amazon S3 Bucket. Retrieved October 4, 2019. HIPAA Journal S3 Breach, 2017
Justin Schoenfeld, Aaron Didier. (2021, May 4). Transferring leverage in a ransomware attack. Retrieved July 14, 2022. Rclone-mega-extortion_05_2021
Trend Micro. (2017, November 6). A Misconfigured Amazon S3 Exposed Almost 50 Thousand PII in Australia. Retrieved October 4, 2019. Trend Micro S3 Exposed PII, 2017