Transfer Data to Cloud Account (ab4f22d6-465f-4a16-8a40-693f2234c4ac)

Adversaries may exfiltrate data by transferring the data, including through sharing/syncing and creating backups of cloud environments, to another cloud account they control on the same service.

A defender who is monitoring for large transfers to outside the cloud environment through normal file transfers or over command and control channels may not be watching for data transfers to another account within the same cloud provider. Such transfers may utilize existing cloud provider APIs and the internal address space of the cloud provider to blend into normal traffic or avoid data transfers over external network interfaces.^{[TLDRSec AWS Attacks]}

Adversaries may also use cloud-native mechanisms to share victim data with adversary-controlled cloud accounts, such as creating anonymous file sharing links or, in Azure, a shared access signature (SAS) URI.^{[Microsoft Azure Storage Shared Access Signature]}

Incidents have been observed where adversaries have created backups of cloud instances and transferred them to separate accounts.^{[DOJ GRU Indictment Jul 2018]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Transfer Data to Cloud Account (ab4f22d6-465f-4a16-8a40-693f2234c4ac)	Tidal Technique	1
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Scheduled Transfer (ea0557cd-94bc-48cf-9c3b-293c40986464)	Tidal Technique	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (4c34fe8b-ea13-55f9-9a2f-5948e2a2ecca)	Unknown	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (8b6743e7-e856-5772-8b38-2c002602b365)	Unknown	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Exfiltration Over Alternative Protocol (192d25ea-bae1-48e4-88de-e0acd481ab88)	Tidal Technique	2
Exfiltration Over C2 Channel (89203cae-d3f1-4eef-9b5a-29042eb05d19)	Tidal Technique	Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Exfiltration Over Other Network Medium (d8541e2d-6bdd-4ec0-95c4-c0f657502d5f)	Tidal Technique	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Exfiltration Over Physical Medium (36e0e8c0-ed8c-42b5-8bbf-b7cb322bc26f)	Tidal Technique	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Exfiltration Over Web Service (66768217-acdd-4b52-902f-e29483630ad6)	Tidal Technique	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Data Transfer Size Limits (dc98c882-8fba-4a10-bc6f-43088edb87af)	Tidal Technique	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Automated Exfiltration (26abc19f-5968-45f1-aa1f-f35863a2f804)	Tidal Technique	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (38cfe608-a7e3-4e4f-9e2d-6a6ab14946f9)	Unknown	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (848e3552-e89d-4981-a5a5-eaf610e6eb37)	Unknown	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (c2fc2776-e674-46ff-8b8d-ecc90b8b1c26)	Unknown	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (c4a8902a-bb87-4be2-bbaf-c40c9ebcbae1)	Unknown	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (b27b273b-77e7-4243-8b48-a735857c0708)	Unknown	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (f424dade-21f3-4269-9940-ce64d93b97c4)	Unknown	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (ce886c55-17ab-4c1c-90dc-3aa93e69bdb4)	Unknown	2
Exfiltration (66249a6d-be4e-43ab-a295-349d03a98023)	Tidal Tactic	Private Cluster (27041aa4-13e7-4d84-b1c7-02047beb5534)	Unknown	2