Transfer Data to Cloud Account (T1537)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Transfer Data to Cloud Account

Associated Tactics

  • Exfiltration

Exfiltration (TA0010)

The adversary is trying to steal data. Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they’ve collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.

View on ATT&CK

Procedure Examples

Description Source(s)
Amazon Web Services. (n.d.). Share an Amazon EBS snapshot. Retrieved March 2, 2022. AWS EBS Snapshot Sharing
Clint Gibler and Scott Piper. (2021, January 4). Lesser Known Techniques for Attacking AWS Environments. Retrieved March 4, 2024. TLDRSec AWS Attacks
Delegate access with a shared access signature. (2019, December 18). Delegate access with a shared access signature. Retrieved March 2, 2022. Azure Shared Access Signature
Microsoft Azure. (2021, December 29). Blob snapshots. Retrieved March 2, 2022. Azure Blob Snapshots
Microsoft. (2023, June 7). Grant limited access to Azure Storage resources using shared access signatures (SAS). Retrieved March 4, 2024. Microsoft Azure Storage Shared Access Signature
Mueller, R. (2018, July 13). Indictment - United States of America vs. VIKTOR BORISOVICH NETYKSHO, et al. Retrieved September 13, 2018. DOJ GRU Indictment Jul 2018