storage.objects.delete
Event
Deletes objects from Cloud Storage, used in data destruction or anti-forensics operations.
Security Context
- Deleting Cloud Storage objects can permanently destroy data if versioning is not enabled, causing irreversible data loss for backups, application data, and forensic evidence.
- Adversaries delete storage objects as part of destructive attacks, ransomware operations, or anti-forensics cleanup to remove evidence of exfiltrated data or staging buckets.
Log Source
Cloud Audit Logs
Sample Event
MITRE ATT&CK Mapping
Tactics: Impact
Techniques:
- T1485 — Data Destruction — Adversaries may destroy data and files on specific systems or in large numbers on a network to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and r...