Skip to content

Mount service principal

Info

ID: MS-TA9026
Tactic: Credential Access
MITRE technique: T1552.001

When the cluster is deployed in the cloud, in some cases attackers can leverage their access to a container in the cluster to gain cloud credentials. For example, in AKS each node contains service principal credential.

Mitigations

ID Mitigation Description
MS-M9013 Restrict over permissive containers Block sensitive volume mounts using admission controller
MS-M9003 Adhere to least-privilege principle Grant minimal required permissions to service principals