EXPLORE
← Back to Explore
T1531

Account Access Removal

Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users. Accounts may be deleted, locked, or manipulated (ex: changed credentials, revoked permissions for SaaS platforms such as Sharepoint) to remove access to accounts.(Citation: Obsidian Security SaaS Ransomware June 2023) Adversaries may also subsequently log off and/or perform a [System Shutdown/Reboot](https://attack.mitre.org/techniques/T1529) to set malicious chan...

LinuxmacOSWindowsSaaSIaaSOffice SuiteESXi
27
Detections
3
Sources
2
Threat Actors

BY SOURCE

12elastic9sigma6splunk_escu

PROCEDURES (16)

General Monitoring3 detections

Auto-extracted: 3 detections for general monitoring

Api2 detections

Auto-extracted: 2 detections for api

Credential2 detections

Auto-extracted: 2 detections for credential

Process Creation Monitoring2 detections

Auto-extracted: 2 detections for process creation monitoring

Service2 detections

Auto-extracted: 2 detections for service

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

Service1 detections

Auto-extracted: 1 detections for service

Credential1 detections

Auto-extracted: 1 detections for credential

Privilege1 detections

Auto-extracted: 1 detections for privilege

Cloud Monitoring1 detections

Auto-extracted: 1 detections for cloud monitoring

Aws1 detections

Auto-extracted: 1 detections for aws

Aws1 detections

Auto-extracted: 1 detections for aws

Api1 detections

Auto-extracted: 1 detections for api

Cloud1 detections

Auto-extracted: 1 detections for cloud

Service1 detections

Auto-extracted: 1 detections for service

Privilege1 detections

Auto-extracted: 1 detections for privilege

THREAT ACTORS (2)

DETECTIONS (27)