MS-T818 - Access key query (06735c35-4f9d-5ba4-9f05-7d087eac2e84)
Attackers may leverage subscription/account-level access to gather storage account keys and use these keys to authenticate at the resource level. This technique exhibits cloud resource pivoting in combination with control management and data planes. Adversaries can query management APIs to fetch primary and secondary storage account keys.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| MS-T818 - Access key query (06735c35-4f9d-5ba4-9f05-7d087eac2e84) | Threat Matrix for storage services | Steal Application Access Token - T1528 (890c9858-598c-401d-a4d5-c67ebcdd703a) | Attack Pattern | 1 |