Skip to content

Hide Navigation Hide TOC

MS-T840 - Object replication (8fdc8739-5b51-51c8-b290-f94a3bd07271)

Attackers may set a replication policy between source and destination containers that asynchronously copies objects from source to destination. This feature can be maliciously misused in both directions. Outbound replication can serve as an exfiltration channel of customer data from the victim's container to an adversary's container. Inbound replication can be used to deliver malware from an adversary's container to a victim's container. After the policy is set, the attacker can operate on their container without accessing the victim container.

Cluster A Galaxy A Cluster B Galaxy B Level
MS-T840 - Object replication (8fdc8739-5b51-51c8-b290-f94a3bd07271) Threat Matrix for storage services Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) Attack Pattern 1