WithSecure Repository: Threat Intelligence

Permissive Cloud Identity Policy

This technique is an extension of the MITRE ATT&CK matrix and represents an attacker abusing permissive cloud identity policies.


The core technique is the abuse of poorly defined segregation of duties in identity policy. A malicious actor could use policies to pivot from an on-premises environment into a cloud-based one. Incorrectly assigned or overly permissive policies could also be abused by a malicious actor to carry out unexpected attacks or actions. This latter attack vector often arises because cloud service providers require their policies to provide wide coverage for many different use cases.


Mitigation: Follow the documented best practices when creating and applying policies to cloud resources. Make use of the different policy types available, and ensure that each is attached to the most suitable resource as per architecture requirements.
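One way to review policies for the over-broad grants described above, as an added example that is not part of the original entry. It assumes AWS-style IAM policy JSON (the entry names no provider); the sample policy, issue labels and function names are constructed for illustration.

```python
import json

# Constructed sample (AWS-style IAM policy grammar is an assumption; the
# entry itself names no provider). Account ID and ARNs are placeholders.
SAMPLE_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadAppLogs", "Effect": "Allow", "Action": ["logs:GetLogEvents"],
     "Resource": "arn:aws:logs:*:111122223333:log-group:app:*"},
    {"Sid": "Admin", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "IamWithMfa", "Effect": "Allow", "Action": "iam:*", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    {"Sid": "AllButIam", "Effect": "Allow", "NotAction": "iam:*", "Resource": "*"},
    {"Sid": "Guardrail", "Effect": "Deny", "Action": "*", "Resource": "*"}
  ]
}""")


def _as_list(value):
    """IAM allows a bare string or object where a list is also valid."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return {statement id: [issue, ...]} for over-broad Allow statements."""
    findings = {}
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; wildcards there grant nothing
        issues = []
        actions = [str(a) for a in _as_list(stmt.get("Action"))]
        if "*" in actions:
            issues.append("wildcard-action")
        elif any(a.endswith(":*") for a in actions):
            issues.append("service-wide-action")
        if "NotAction" in stmt:
            issues.append("allow-with-notaction")  # grants everything not listed
        if "*" in _as_list(stmt.get("Resource")):
            issues.append("wildcard-resource")
        if issues and not stmt.get("Condition"):
            issues.append("no-condition")
        if issues:
            findings[stmt.get("Sid", f"statement[{idx}]")] = issues
    return findings


if __name__ == "__main__":
    for sid, issues in audit_policy(SAMPLE_POLICY).items():
        print(f"{sid}: {', '.join(issues)}")
```

Statements that come back with both a wildcard action and a wildcard resource are the ones to split by duty and scope to specific resources first.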



ID: WITH-8
Domain: withsecure-attack-extension
Version: 1.0