Access key query

Info

ID: MS-T818
Tactic: Credential access
MITRE technique: T1528

Attackers may leverage subscription/account-level access to gather storage account keys and use these keys to authenticate at the resource level. This technique exhibits cloud resource pivoting in combination with control management and data planes. Adversaries can query management APIs to fetch primary and secondary storage account keys.