Lateral Movement
The lateral movement tactic consists of techniques that are used by attackers to move through the victim’s environment. In containerized environments, this includes gaining access to various resources in the cluster from a given access to one container, gaining access to the underlying node from a container, or gaining access to the cloud environment.
| ID | Name |
|---|---|
| MS-TA9020 | Access cloud resources |
| MS-TA9016 | Container service account |
| MS-TA9034 | Cluster internal networking |
| MS-TA9027 | Application credentials in configuration files |
| MS-TA9013 | Writable hostPath mount |
| MS-TA9035 | CoreDNS poisoning |
| MS-TA9036 | ARP poisoning and IP spoofing |