T1651 - Cloud Administration Command
Tattiche:
Execution
Execution
Piattaforme:
IaaS
IaaS
Rilevamento:
Not specified
Not specified
Description:
Adversaries may abuse cloud management services to execute commands within virtual machines. Resources such as AWS Systems Manager, Azure RunCommand, and Runbooks allow users to remotely run scripts in virtual machines by leveraging installed virtual machine agents. (Citation: AWS Systems Manager Run Command)(Citation: Microsoft Run Command)
If an adversary gains administrative access to a cloud environment, they may be able to abuse cloud management services to execute commands in the environment’s virtual machines. Additionally, an adversary that compromises a service provider or delegated administrator account may similarly be able to leverage a [Trusted Relationship](https://attack.mitre.org/techniques/T1199) to execute commands in connected virtual machines.(Citation: MSTIC Nobelium Oct 2021)
If an adversary gains administrative access to a cloud environment, they may be able to abuse cloud management services to execute commands in the environment’s virtual machines. Additionally, an adversary that compromises a service provider or delegated administrator account may similarly be able to leverage a [Trusted Relationship](https://attack.mitre.org/techniques/T1199) to execute commands in connected virtual machines.(Citation: MSTIC Nobelium Oct 2021)
Usato da Attori (1)
Malware (2)
Metadata
| MITRE ID: | T1651 |
| STIX ID: | attack-pattern--d94b3ae9-8059-... |
| Piattaforme: | IaaS |
| Created: | 13/01/2026 17:48 |
| Updated: | 14/03/2026 16:00 |