T1213.006 Databases

Sub-technique of T1213

Platforms: IaaS · Linux · macOS · SaaS · Windows

ATT&CK version: v19.1

What it is

Adversaries may leverage databases to mine valuable information. These databases may be hosted on-premises or in the cloud (both in platform-as-a-service and software-as-a-service environments). Examples of databases from which information may be collected include MySQL, PostgreSQL, MongoDB, Amazon Relational Database Service, Azure SQL Database, Google Firebase, and Snowflake. Databases may include a variety of information of interest to adversaries, such as usernames, hashed passwords, personally identifiable information, and financial data. Data collected from databases may be used for [Lateral Movement](https://attack.mitre.org/tactics/TA0008), [Command and Control](https://attack.mitre.org/tactics/TA0011), or [Exfiltration](https://attack.mitre.org/tactics/TA0010). Data exfiltrated from databases may also be used to extort victims or may be sold for profit. (Citation: Google Cloud Threat Intelligence UNC5537 Snowflake 2024)

ATT&CK tactics · 1

Collection

References

  1. https://attack.mitre.org/techniques/T1213/006
  2. https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.