T1619 Cloud Storage Object Discovery

Adversaries may enumerate objects in cloud storage infrastructure. Adversaries may use this information during automated discovery to shape follow-on behaviors, including requesting all or specific objects from cloud storage. Similar to File and Directory Discovery on a local host, after identifying available storage services (i.e. Cloud Infrastructure Discovery) adversaries may access the contents/objects stored in cloud infrastructure.

Cloud service providers offer APIs allowing users to enumerate objects stored within cloud storage. Examples include ListObjectsV2 in AWS [1] and List Blobs in Azure [2].

| Item | Value |
| --- | --- |
| ID | T1619 |
| Sub-techniques | |
| Tactics | TA0007 |
| Platforms | IaaS |
| Version | 1.0 |
| Created | 01 October 2021 |
| Last Modified | 11 April 2022 |

Procedure Examples

| ID | Name | Description |
| --- | --- | --- |
| S0683 | Peirates | Peirates can list AWS S3 buckets. [3] |

Mitigations

| ID | Mitigation | Description |
| --- | --- | --- |
| M1018 | User Account Management | Restrict granting of permissions related to listing objects in cloud storage to necessary accounts. |
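
One way to review who holds listing permissions, as M1018 recommends, is to audit IAM policy documents for over-broad grants of `s3:ListBucket`, the IAM action that authorizes ListObjectsV2. The following is an added example, not part of the original page; the function names and the sample policy are constructed for illustration, only the `aws` partition is handled, and `Condition` and `NotResource` elements are not evaluated.

```python
import fnmatch

LIST_ACTION = "s3:listbucket"  # IAM action behind ListObjects / ListObjectsV2

def _as_list(value):
    """IAM accepts a single item or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def _matches_list(patterns):
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatch.fnmatchcase(LIST_ACTION, p.lower()) for p in patterns)

def grants_listing(stmt):
    if stmt.get("Effect") != "Allow":
        return False
    if "NotAction" in stmt:  # Allow + NotAction grants everything not named
        return not _matches_list(_as_list(stmt["NotAction"]))
    return _matches_list(_as_list(stmt.get("Action")))

def broad_bucket_resource(resource):
    # s3:ListBucket applies to bucket ARNs (no "/"); object ARNs are ignored.
    if resource == "*":
        return True
    return (resource.startswith("arn:aws:s3:::") and "/" not in resource
            and any(c in resource for c in "*?"))

def wildcard_principal(stmt):
    principal = stmt.get("Principal")
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return principal == "*"

def audit_policy(policy):
    """Return (Sid, reason) pairs for statements that over-grant listing."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if not grants_listing(stmt):
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        if any(broad_bucket_resource(r) for r in _as_list(stmt.get("Resource"))):
            findings.append((sid, "listing allowed on wildcard bucket resource"))
        if wildcard_principal(stmt):
            findings.append((sid, "listing allowed for any principal"))
    return findings

# Constructed sample mixing identity-policy and bucket-policy style statements.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadAll", "Effect": "Allow", "Action": "s3:*", "Resource": "*"},
    {"Sid": "ScopedList", "Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": "arn:aws:s3:::example-reports"},
    {"Sid": "PublicList", "Effect": "Allow", "Principal": "*",
     "Action": "s3:List*", "Resource": "arn:aws:s3:::example-public"}]}
```

Statements that are flagged still need human review, since a `Condition` block may narrow the grant.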

Detection

| ID | Data Source | Data Component |
| --- | --- | --- |
| DS0010 | Cloud Storage | Cloud Storage Access |

References