T1213 - Data from Information Repositories

Record summary

A quick snapshot of what this page covers.

Records1Records included in this view.

SourcePublicBuilt from public source data.

ModeStaticPrepared as a ready-to-read page.

ATT&CK object

The broader cybersecurity technique connected to these AI records.

Adversaries may leverage information repositories to mine valuable information. Information repositories are tools that allow for storage of information, typically to facilitate collaboration or information sharing between users, and can store a wide variety of data that may aid adversaries in further objectives, such as Credential Access, Lateral Movement, or Defense Evasion, or direct access to the target information. Adversaries may also abuse external sharing features to share sensitive documents with recipients outside of the organization (i.e., Transfer Data to Cloud Account).

The following is a brief list of example information that may hold potential value to an adversary and may also be found on an information repository:

Policies, procedures, and standards
Physical / logical network diagrams
System architecture diagrams
Technical system documentation
Testing / development credentials (i.e., Unsecured Credentials)
Work / project schedules
Source code snippets
Links to network shares and other internal resources
Contact or other sensitive information about business partners and customers, including personally identifiable information (PII)

Information stored in a repository may vary based on the specific instance or environment. Specific common information repositories include the following:

Storage services such as IaaS databases, enterprise databases, and more specialized platforms such as customer relationship management (CRM) databases
Collaboration platforms such as SharePoint, Confluence, and code repositories
Messaging platforms such as Slack and Microsoft Teams

In some cases, information repositories have been improperly secured, typically by unintentionally allowing for overly-broad access by all users or even public access to unauthenticated users. This is particularly common with cloud-native or cloud-hosted services, such as AWS Relational Database Service (RDS), Redis, or ElasticSearch.(Citation: Mitiga)(Citation: TrendMicro Exposed Redis 2020)(Citation: Cybernews Reuters Leak 2022)

ATT&CK ID: T1213
STIX ID: attack-pattern--d28ef391-8ed4-45dc-bc4a-2f43abf54416
Name: Data from Information Repositories
Connected AI records: 1

Connected AI records

AI security records connected to this cybersecurity technique.

AML.T0036 - Data from Information Repositories

Confidence: 1.00

Kindatlas_techniqueLink typesame_or_related_attack_techniqueMethodexact_attack_external_id

Source

Where this page information comes from.

Original source

Original source links

Open the public records and source datasets used for this page.

Repositoryhttps://github.com/mitre-attack/attack-stix-data Enterprise JSONhttps://github.com/mitre-attack/attack-stix-data/blob/master/enterprise-attack/enterprise-attack.json MITRE ATT&CK objecthttps://attack.mitre.org/techniques/T1213/