Skip to content

Lateral Movement

The lateral movement tactic consists of techniques that are used by attackers to move through the victim’s environment. In containerized environments, this includes gaining access to various resources in the cluster from a given access to one container, gaining access to the underlying node from a container, or gaining access to the cloud environment.

ID Name
MS-TA9020 Access cloud resources
MS-TA9016 Container service account
MS-TA9034 Cluster internal networking
MS-TA9027 Application credentials in configuration files
MS-TA9013 Writable hostPath mount
MS-TA9035 CoreDNS poisoning
MS-TA9036 ARP poisoning and IP spoofing