CCC.IAM.TH05 - Additional IAM Roles Creation

CCC.IAM.TH05: Additional IAM Roles Creation

Threat ID:CCC.IAM.TH05

Title:Additional IAM Roles Creation

Description:

An adversary with access to a sufficiently privileged cloud account may create additional IAM roles to establish persistance or elevate their privileges.

Related Capabilities

ID	Title	Description
CCC.IAM.CP06	IAM Roles / Service Principals	Ability to create, manage, list and delete IAM roles. IAM role is an identity for applications or services to access resources.
CCC.IAM.CP10	Custom Roles	Ability to create, manage, list and delete custom roles. Custom roles are user-defined roles that defines what actions are allowed.
CCC.IAM.CP15	Role Assumption / Delegation	Ability to temporarily assume another role or delegate access. Commonly used for user impersonation or temporary privilege elevation.

External Mappings

Reference ID	Entry ID	Strength	Remarks
MITRE-ATT&CK	T1098.003	0	Account Manipulation: Additional Cloud Roles