Snapshot Deletion (16e07530-764b-4d83-bae0-cdbfc31bf21d)

The removal of a point-in-time backup of a cloud storage volume, virtual machine (VM), or database.

Data Collection Measures:

  • AWS CloudTrail
    • Logs DeleteSnapshot API calls in EC2, RDS, and EBS services.
  • Azure Monitor Logs
    • Tracks snapshot deletions via Microsoft.Compute/snapshots/delete API calls.
  • Google Cloud Logging
    • Detects snapshot removal through compute.disks.deleteSnapshot events.
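
A sketch of how the CloudTrail source above can feed a detection, added here as an example and not part of the original entry: it flags a principal that successfully deletes several EC2 snapshots within a short window. The records are constructed samples that use CloudTrail's record field names; the threshold, window, ARNs and snapshot IDs are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _rec(time, arn, snap, error=None):
    # Build a constructed record using CloudTrail's field names.
    r = {"eventTime": time, "eventSource": "ec2.amazonaws.com",
         "eventName": "DeleteSnapshot", "userIdentity": {"arn": arn},
         "requestParameters": {"snapshotId": snap}}
    if error:
        r["errorCode"] = error  # present only when the call failed
    return r

OPS = "arn:aws:iam::111122223333:user/backup-rotation"  # constructed
DEV = "arn:aws:iam::111122223333:user/dev-a"            # constructed
SAMPLE_RECORDS = [  # constructed sample data, not real logs
    _rec("2024-05-01T02:00:00Z", OPS, "snap-0a1"),
    _rec("2024-05-01T09:14:05Z", DEV, "snap-0b1"),
    _rec("2024-05-01T09:14:40Z", DEV, "snap-0b2"),
    _rec("2024-05-01T09:15:02Z", DEV, "snap-0b3", "Client.UnauthorizedOperation"),
    _rec("2024-05-01T09:16:30Z", DEV, "snap-0b4"),
    _rec("2024-05-02T02:00:00Z", OPS, "snap-0a2"),
]

def successful_deletions(records):
    """Return {principal ARN: sorted [(time, snapshot id)]} for successful DeleteSnapshot calls."""
    out = defaultdict(list)
    for r in records:
        if r.get("eventName") != "DeleteSnapshot" or "errorCode" in r:
            continue  # other API calls and denied/failed attempts are not deletions
        ts = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        out[r["userIdentity"]["arn"]].append((ts, r["requestParameters"]["snapshotId"]))
    return {arn: sorted(events) for arn, events in out.items()}

def burst_alerts(records, threshold=3, window=timedelta(minutes=10)):
    """Return {principal: snapshot ids} where >= threshold deletions fall within one window."""
    alerts = {}
    for arn, events in successful_deletions(records).items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                alerts[arn] = [snap for _, snap in events[start:end + 1]]
                break
    return alerts

if __name__ == "__main__":
    print(burst_alerts(SAMPLE_RECORDS))
```

Scheduled rotation that deletes one snapshot per day stays below the threshold, while the denied attempt is excluded from the count and can be alerted on separately.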

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Snapshot Deletion (16e07530-764b-4d83-bae0-cdbfc31bf21d) | mitre-data-component | Data Destruction - T1485 (d45a3d09-b3cf-48f4-9f0f-f521ee5cb05c) | Attack Pattern | 1 |
| Snapshot Deletion (16e07530-764b-4d83-bae0-cdbfc31bf21d) | mitre-data-component | Inhibit System Recovery - T1490 (f5d8eed6-48a9-4cdf-a3d7-d1ffa99c3d2a) | Attack Pattern | 1 |
| Snapshot Deletion (16e07530-764b-4d83-bae0-cdbfc31bf21d) | mitre-data-component | Modify Cloud Compute Infrastructure - T1578 (144e007b-e638-431d-a894-45d90c54ab90) | Attack Pattern | 1 |