MS-T840 - Object replication (8fdc8739-5b51-51c8-b290-f94a3bd07271)

Attackers may set a replication policy between source and destination containers that asynchronously copies objects from source to destination. This feature can be misused in both directions. Outbound replication can serve as an exfiltration channel for customer data from the victim's container to an adversary's container. Inbound replication can be used to deliver malware from an adversary's container to a victim's container. After the policy is set, the attacker can operate on their own container without accessing the victim's container.
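Because the policy keeps working without further access to the victim container, a periodic audit of the policies themselves is a practical check. The following is an added example, not part of the original entry: it flags rules whose peer account is outside an allow-list. The field names (`policyId`, `sourceAccount`, `destinationAccount`, `rules`, `sourceContainer`, `destinationContainer`) assume an Azure-style object replication policy document, and every account name and value in the sample is constructed.

```python
import json

# Constructed allow-list of storage accounts the organisation owns.
TRUSTED_ACCOUNTS = {"corpprod01", "corpbackup01"}

# Constructed sample policies; field names are an assumed Azure-style schema.
SAMPLE_POLICIES = json.loads("""[
 {"policyId": "p-1", "sourceAccount": "corpprod01",
  "destinationAccount": "corpbackup01",
  "rules": [{"sourceContainer": "invoices", "destinationContainer": "invoices-dr"}]},
 {"policyId": "p-2", "sourceAccount": "corpprod01",
  "destinationAccount": "extstore99",
  "rules": [{"sourceContainer": "customers", "destinationContainer": "drop"}]},
 {"policyId": "p-3",
  "sourceAccount": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-x/providers/Microsoft.Storage/storageAccounts/unknownsrc77",
  "destinationAccount": "corpprod01",
  "rules": [{"sourceContainer": "pkg", "destinationContainer": "deploy"}]}
]""")

def account_name(ref):
    """Normalise a bare account name or a full resource ID to the account name."""
    return ref.rstrip("/").split("/")[-1].lower()

def audit_policies(policies, audited_account, trusted):
    """Return one finding per rule that replicates across the trust boundary."""
    findings = []
    for policy in policies:
        src = account_name(policy["sourceAccount"])
        dst = account_name(policy["destinationAccount"])
        if src == audited_account and dst not in trusted:
            direction, peer = "outbound", dst   # data leaves to an unknown account
        elif dst == audited_account and src not in trusted:
            direction, peer = "inbound", src    # objects arrive from an unknown account
        else:
            continue
        for rule in policy.get("rules", []):
            findings.append({"policy": policy["policyId"], "direction": direction,
                             "peer": peer,
                             "container": rule["sourceContainer" if direction == "outbound"
                                               else "destinationContainer"]})
    return findings

if __name__ == "__main__":
    for f in audit_policies(SAMPLE_POLICIES, "corpprod01", TRUSTED_ACCOUNTS):
        print(f)
```

Each finding names the local container affected: the source container for outbound rules and the destination container for inbound ones.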

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Transfer Data to Cloud Account - T1537 (d4bdbdea-eaec-4071-b4f9-5105e12ea4b6) | Attack Pattern | MS-T840 - Object replication (8fdc8739-5b51-51c8-b290-f94a3bd07271) | Threat Matrix for storage services | 1 |