EXPLORE
Sign In
← Back to Explore
T1578.002

Create Cloud Instance

An adversary may create a new instance or virtual machine (VM) within the compute service of a cloud account to evade defenses. Creating a new instance may allow an adversary to bypass firewall rules and permissions that exist on instances currently residing within an account. An adversary may [Create Snapshot](https://attack.mitre.org/techniques/T1578/001) of one or more volumes in an account, create a new instance, mount the snapshots, and then apply a less restrictive security policy to colle...

IaaS
2
Detections
2
Sources
2
Threat Actors

BY SOURCE

1elastic1splunk_escu

PROCEDURES (2)

Cloud Monitoring1 detections

Auto-extracted: 1 detections for cloud monitoring

Service Monitoring1 detections

Auto-extracted: 1 detections for service monitoring

THREAT ACTORS (2)

LAPSUS$Scattered Spider

DETECTIONS (2)

AWS RDS DB Instance Restored
elasticmedium
Cloud Compute Instance Created With Previously Unseen Instance Type
splunk_escu