AWS ChangePassword
Allows an IAM user to change their own AWS Management Console login password.
Impact
Impact
Section titled “Impact”The adversary is trying to manipulate, interrupt, or destroy your systems and data.
Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.
In cloud environments, impact techniques include deleting critical resources (databases, storage, compute instances), encrypting data for ransom, modifying DNS records, or disrupting services by changing security configurations. Adversaries may also terminate instances, delete backups, or exhaust service quotas to cause denial of service.
View Impact on MITRE ATT&CK →Events Related to Impact
Section titled “Events Related to Impact”AWS DeleteAccessKey
Permanently deletes an IAM user's access key, revoking the associated programmatic access credentials.
AWS DeleteBucket
Permanently deletes an S3 bucket; the bucket must be empty before deletion can succeed.
AWS DeleteDBCluster
Permanently deletes an Aurora DB cluster and optionally its automated backups.
AWS DeleteDBInstance
Permanently deletes an RDS database instance, with an option to take a final snapshot before deletion.
AWS DeleteFileSystem
Permanently deletes an EFS file system and all its data; all mount targets must be deleted first.
AWS DeleteGlobalCluster
Deletes an Aurora global database cluster that spans multiple AWS regions.
AWS DeleteLoginProfile
Removes an IAM user's console password, preventing them from signing in to the AWS Management Console.
AWS DeleteObject
Deletes a single object from an S3 bucket; with versioning enabled, a delete marker is created instead.
AWS DeleteObjects
Deletes multiple S3 objects in a single batch request, more efficient than individual delete operations.
AWS DeleteSnapshot
Permanently deletes an EBS snapshot; any AMIs based on it must be deregistered first.
AWS DeleteUser
Permanently deletes an IAM user; all attached policies, group memberships, and keys must be removed first.
AWS DeleteVolume
Permanently deletes an EBS volume; the volume must be detached from any instance before deletion.
AWS DisableKey
Disables a KMS encryption key, preventing any operations that depend on it until the key is re-enabled.
GCP google.iam.admin.v1.DeleteServiceAccount
Deletes a service account, disrupting workloads and applications that depend on it for authentication.
Azure Microsoft.Authorization/roleAssignments/delete
Deletes a role assignment, removing access for legitimate users and disrupting operations.
Azure Microsoft.Compute/virtualMachines/delete
Permanently deletes an Azure virtual machine.
Azure Microsoft.EventHub/namespaces/eventhubs/delete
Permanently deletes an Azure Event Hub entity within a namespace.
Azure Microsoft.KeyVault/vaults/delete
Permanently deletes an Azure Key Vault; without soft-delete, all secrets, keys, and certificates are unrecoverable.
Azure Microsoft.KeyVault/vaults/secrets/delete
Deletes a secret from an Azure Key Vault.
Azure Microsoft.OperationalInsights/workspaces/delete
Permanently deletes a Log Analytics workspace and its stored data.
Azure Microsoft.RecoveryServices/vaults/backupProtectedItems/delete
Removes a protected item from Azure Backup, stopping protection and deleting associated backup data.
Azure Microsoft.Sql/servers/databases/delete
Permanently deletes an Azure SQL Database.
Azure Microsoft.Storage/storageAccounts/blobServices/containers/delete
Permanently deletes a blob container from an Azure Storage account.
Azure Microsoft.Storage/storageAccounts/delete
Permanently deletes an Azure Storage account and all of its data.
Azure Microsoft.Storage/storageAccounts/regenerateKey/action
Regenerates one of the two access keys for an Azure Storage account, invalidating the previous key.
AWS PutBucketLifecycle
Sets lifecycle configuration on an S3 bucket to automate object transitions or expiration over time.
AWS PutBucketLifecycleConfiguration
Sets lifecycle rules on an S3 bucket to automatically transition objects to cheaper storage tiers or expire them.
AWS ScheduleKeyDeletion
Schedules a KMS customer managed key for deletion after a waiting period (7-30 days), after which encrypted data is unrecoverable.
GCP secretmanager.secrets.delete
Permanently deletes a secret and all of its versions from GCP Secret Manager.
GCP SecretManagerService.DestroySecretVersion
Permanently destroys a specific version of a secret in GCP Secret Manager, making its data irrecoverable.
GCP storage.buckets.delete
Permanently deletes a GCP Cloud Storage bucket; the bucket must be empty before deletion.
GCP storage.objects.delete
Deletes objects from Cloud Storage, used in data destruction or anti-forensics operations.
AWS TerminateInstances
Permanently terminates one or more EC2 instances, releasing instance store data and associated resources.
AWS UpdateLoginProfile
Updates the console login password for an IAM user.