EXPLORE
Sign In
← Back to Explore
T1555.006

Cloud Secrets Management Stores

Adversaries may acquire credentials from cloud-native secret management solutions such as AWS Secrets Manager, GCP Secret Manager, Azure Key Vault, and Terraform Vault. Secrets managers support the secure centralized management of passwords, API keys, and other credential material. Where secrets managers are in use, cloud services can dynamically acquire credentials via API requests rather than accessing secrets insecurely stored in plain text files or environment variables. If an adversar...

IaaS
7
Detections
1
Sources
2
Threat Actors

BY SOURCE

7elastic

PROCEDURES (7)

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

Api1 detections

Auto-extracted: 1 detections for api

Credential1 detections

Auto-extracted: 1 detections for credential

Cloud1 detections

Auto-extracted: 1 detections for cloud

Privilege1 detections

Auto-extracted: 1 detections for privilege

Service1 detections

Auto-extracted: 1 detections for service

Exfiltrat1 detections

Auto-extracted: 1 detections for exfiltrat

THREAT ACTORS (2)

HAFNIUMStorm-0501

DETECTIONS (7)

AWS Secrets Manager Rapid Secrets Retrieval
elasticmedium
AWS Systems Manager SecureString Parameter Request with Decryption Flag
elasticmedium
Azure Key Vault Excessive Secret or Key Retrieved
elasticmedium
Azure Key Vault Unusual Secret Key Usage
elasticmedium
Azure Storage Account Keys Accessed by Privileged User
elasticmedium
First Time Seen AWS Secret Value Accessed in Secrets Manager
elasticmedium
Multiple Cloud Secrets Accessed by Source Address
elastichigh