MITRE ATT&CK Technique
Defense Evasion
T1578
Description
An adversary may attempt to modify a cloud account's compute service infrastructure to evade defenses. A modification to the compute service infrastructure can include the creation, deletion, or modification of one or more components such as compute instances, virtual machines, and snapshots. Permissions gained from the modification of infrastructure components may bypass restrictions that prevent access to existing infrastructure. Modifying infrastructure components may also allow an adversary to evade detection and remove evidence of their presence. (Citation: Mandiant M-Trends 2020)
Supported Platforms
IaaS
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2019-08-30T18:03:05.864Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': "An adversary may attempt to modify a cloud account's compute "
                'service infrastructure to evade defenses. A modification to '
                'the compute service infrastructure can include the creation, '
                'deletion, or modification of one or more components such as '
                'compute instances, virtual machines, and snapshots.\n'
                '\n'
                'Permissions gained from the modification of infrastructure '
                'components may bypass restrictions that prevent access to '
                'existing infrastructure. Modifying infrastructure components '
                'may also allow an adversary to evade detection and remove '
                'evidence of their presence.(Citation: Mandiant M-Trends 2020)',
 'external_references': [{'external_id': 'T1578',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1578'},
                         {'description': 'Mandiant. (2020, February). M-Trends '
                                         '2020. Retrieved November 17, 2024.',
                          'source_name': 'Mandiant M-Trends 2020',
                          'url': 'https://www.mandiant.com/sites/default/files/2021-09/mtrends-2020.pdf'}],
 'id': 'attack-pattern--144e007b-e638-431d-a894-45d90c54ab90',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'defense-evasion'}],
 'modified': '2025-10-24T17:48:26.284Z',
 'name': 'Modify Cloud Compute Infrastructure',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': False,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['IaaS'],
 'x_mitre_version': '1.2'}