Vol. 1 · Ed. 2026
CyberGlossary
Entry № 202

Cloud Control Plane Attack

What is a Cloud Control Plane Attack?

Cloud Control Plane Attack: An attack that targets the management API of a cloud provider (AWS, Azure, GCP) — IAM, billing, deployment APIs — rather than workloads, achieving tenant-wide impact through stolen tokens, federation abuse, or partner-channel compromises.


A cloud control-plane attack is one that targets the provider's management surface (sts:AssumeRole, AWS Organizations, Entra ID Graph, GCP Resource Manager, billing APIs, Identity Center, hub-and-spoke deployment tools) instead of the workloads running inside a tenant. Because every workload's permissions, every resource's existence, and the billing relationship itself live in the control plane, a control-plane compromise is unrecoverable from inside the tenant — the attacker can disable logging, exfiltrate keys, create persistent backdoor IAM users, modify Conditional Access, or move resources to other accounts. Documented techniques include long-lived access-key theft from developer laptops, Single-Sign-On compromise (the 2020 SolarWinds chain into Microsoft 365, the 2023 Storm-0558 Azure key forge), reseller-channel abuse (the 2024 Midnight Blizzard test-tenant pivot), federation/IdP trust manipulation (Golden SAML), and abuse of CI/CD identities with cloud admin trust (OIDC-to-cloud-role). Defenses focus on root-account isolation, FIDO2 phishing-resistant MFA on every break-glass identity, hardware-bound CI/CD trust, restrictive Conditional Access, immutable CloudTrail/Azure-Monitor to a separate tenant, and continuous control-plane anomaly detection.

Examples

  1. Storm-0558 forged Azure AD signing tokens and read Exchange Online mailboxes across U.S. federal tenants in 2023 — a textbook control-plane compromise.

  2. An attacker with a stolen long-lived AWS access key creates a new IAM user, attaches AdministratorAccess, and uses it from a different region to remain below GuardDuty thresholds.
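
Detection logic for the second example above, as an added example that is not part of the original entry: it correlates CloudTrail-style records to find a user that was created and given AdministratorAccess by the same credential, then lists the regions outside a baseline where that user was later active. The sample records, the `BASELINE_REGIONS` set, and the helper names `ev` and `find_backdoor_admins` are constructed assumptions.

```python
ADMIN_ARN = "arn:aws:iam::aws:policy/AdministratorAccess"
BASELINE_REGIONS = {"us-east-1", "eu-west-1"}  # assumption: regions this tenant normally uses

def ev(time, name, region, key, user=None, **params):
    """Build a constructed record using CloudTrail field names."""
    return {"eventTime": time, "eventName": name, "awsRegion": region,
            "userIdentity": {"accessKeyId": key, "userName": user},
            "requestParameters": params}

# Constructed sample records (not real logs). IAM is a global service, so its
# events are recorded in us-east-1 wherever the caller actually is.
EVENTS = [
    ev("2024-05-01T02:10:00Z", "CreateUser", "us-east-1",
       "AKIAIOSFODNN7EXAMPLE", "dev-alice", userName="svc-backup"),
    ev("2024-05-01T02:10:40Z", "AttachUserPolicy", "us-east-1",
       "AKIAIOSFODNN7EXAMPLE", "dev-alice", userName="svc-backup", policyArn=ADMIN_ARN),
    ev("2024-05-01T02:30:00Z", "RunInstances", "ap-southeast-2",
       "AKIAI44QH8DHBEXAMPLE", "svc-backup"),
    ev("2024-05-01T02:45:00Z", "DescribeInstances", "us-east-1",
       "AKIAI44QH8DHBEXAMPLE", "svc-backup"),
    # Benign provisioning: read-only policy attached by a temporary (ASIA) session.
    ev("2024-05-01T09:00:00Z", "CreateUser", "us-east-1",
       "ASIAEXAMPLESESSION01", None, userName="ci-reader"),
    ev("2024-05-01T09:00:30Z", "AttachUserPolicy", "us-east-1", "ASIAEXAMPLESESSION01",
       None, userName="ci-reader", policyArn="arn:aws:iam::aws:policy/ReadOnlyAccess"),
]

def find_backdoor_admins(events, baseline=BASELINE_REGIONS):
    """Return {new_user: details} for create-then-admin chains by one credential."""
    creators, findings = {}, {}
    for e in sorted(events, key=lambda r: r["eventTime"]):
        who, req = e["userIdentity"], e["requestParameters"]
        key = who.get("accessKeyId") or ""
        if e["eventName"] == "CreateUser":
            creators[req["userName"]] = key
        elif e["eventName"] == "AttachUserPolicy" and req.get("policyArn") == ADMIN_ARN:
            target = req.get("userName")
            if creators.get(target) == key:  # same credential created and elevated the user
                findings[target] = {"actor_key": key,
                                    "long_lived_key": key.startswith("AKIA"),  # AKIA = long-term key
                                    "unusual_regions": set()}
        elif who.get("userName") in findings and e["awsRegion"] not in baseline:
            findings[who["userName"]]["unusual_regions"].add(e["awsRegion"])
    return findings

if __name__ == "__main__":
    for user, detail in find_backdoor_admins(EVENTS).items():
        print(user, detail)
```

The region check is applied to the new user's later activity rather than to the IAM calls themselves, because the IAM calls always appear in us-east-1.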

Frequently Asked Questions

What is a Cloud Control Plane Attack?

An attack that targets the management API of a cloud provider (AWS, Azure, GCP) — IAM, billing, deployment APIs — rather than workloads, achieving tenant-wide impact through stolen tokens, federation abuse, or partner-channel compromises. It falls under the Cloud Security category of cybersecurity.

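How do you defend against a Cloud Control Plane Attack?

Defending against a Cloud Control Plane Attack typically combines technical controls with operational practices; see the full definition above.

What other names does Cloud Control Plane Attack go by?

Common aliases include: Cloud management-plane attack, Tenant takeover.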
