MITRE ATT&CK Mapping
Technique-by-technique assessment of Phantom's protection coverage against the MITRE ATT&CK Cloud and Containers matrices. 85 unique techniques evaluated.
Methodology
This mapping covers all techniques from the MITRE ATT&CK Enterprise Cloud matrix (IaaS, SaaS, Identity Provider, Office Suite) and the Containers matrix. Techniques appearing in both are listed once. Assessment is based on Phantom's core mechanisms:
- Mutating admission webhook — intercepts all pod creation, can enforce image policies, block privileged containers, inject sidecars
- In-memory secret delivery — secrets fetched from EU-hosted OpenBao directly into process memory; never written to etcd, env vars, or volumes
- mTLS sidecar communication — encrypted channel between sidecar and OpenBao; separate PKI from cloud provider
- Confidential Computing — when combined with AMD SEV-SNP / Intel TDX nodes, VM memory is hardware-encrypted and inaccessible to the hypervisor
Protection Levels
Protected Phantom directly mitigates this technique by design
Partial Some protection via webhook enforcement, mTLS, or confidential VMs — not the primary purpose
Out of Scope Not addressed — requires other security controls
N/A Technique is irrelevant to Kubernetes secret protection
Phantom is a precision tool, not a broad security platform
Phantom's coverage is narrow but deep. It provides complete protection in the Credential Access and Collection tactics — exactly where secrets are at risk. The 48 "out of scope" techniques are things like account discovery, denial of service, and email spoofing — threats that require entirely different security controls and aren't related to data sovereignty.
Tactics & Techniques
Initial Access — 2 partial, 2 out of scope, 3 N/A
How adversaries gain their first foothold. Phantom doesn't prevent initial access but limits what an attacker can reach once inside.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1078 | Valid Accounts | Cloud Container | Partial | Cloud creds don't grant access to OpenBao secrets. Separate auth chain limits blast radius. |
| T1195 | Supply Chain Compromise | Cloud | Partial | Webhook can enforce image signing verification and block untrusted images. |
| T1190 | Exploit Public-Facing Application | Cloud Container | Out of Scope | Application-level vulnerability. Requires WAF, patching, etc. |
| T1199 | Trusted Relationship | Cloud | Out of Scope | Third-party trust exploitation. Requires vendor management controls. |
| T1133 | External Remote Services | Container | Out of Scope | Exposed services like K8s API, dashboards. Requires network policies. |
| T1189 | Drive-by Compromise | Cloud | N/A | Browser-level attack. Not relevant to K8s workloads. |
| T1566 | Phishing | Cloud | N/A | Social engineering. Even if creds stolen, they don't unlock OpenBao. |
Execution — 4 partial, 3 out of scope, 1 N/A
How adversaries run malicious code. The webhook's admission control provides a strong gating mechanism for container execution.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1609 | Container Administration Command | Container | Partial | Webhook can restrict kubectl exec. Secrets are in-memory, not in env vars or files. |
| T1610 | Deploy Container | Container | Partial | Webhook validates all pod deployments. Can block unauthorized images. |
| T1204 | User Execution (Malicious Image) | Cloud Container | Partial | Webhook can enforce trusted image registries and signing. |
| T1677 | Poisoned Pipeline Execution | Cloud | Partial | Secrets aren't in CI/CD pipelines. OpenBao delivers only at runtime to authorized pods. |
| T1053 | Scheduled Task/Job | Container | Partial | Webhook intercepts CronJob/Job pod creation. Same admission policies apply. |
| T1651 | Cloud Administration Command | Cloud | Out of Scope | Cloud API abuse (gcloud, aws cli). Requires IAM controls. |
| T1059 | Command and Scripting Interpreter | Cloud | Out of Scope | Cloud API scripting. Requires IAM and audit controls. |
| T1072 | Software Deployment Tools | Cloud | Out of Scope | Abuse of deployment tools like Ansible, Terraform. Requires pipeline security. |
| T1648 | Serverless Execution | Cloud | N/A | Lambda/Cloud Functions. Phantom is Kubernetes-only. |
Persistence — 2 partial, 5 out of scope, 1 N/A
How adversaries maintain access. Phantom's webhook provides ongoing admission control, and its separate auth chain limits persistence value.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1525 | Implant Internal Image | Cloud Container | Partial | Webhook can enforce image hash pinning and block tampered images. |
| T1556 | Modify Authentication Process | Cloud | Partial | Phantom uses its own mTLS auth chain to OpenBao. Modifying cloud auth doesn't affect secret access. |
| T1098 | Account Manipulation | Cloud Container | Out of Scope | Cloud IAM manipulation. Requires IAM monitoring. |
| T1136 | Create Account | Cloud Container | Out of Scope | New account creation in cloud or K8s. Requires audit controls. |
| T1546 | Event Triggered Execution | Cloud | Out of Scope | Cloud event triggers (Lambda, Cloud Functions). Requires event pipeline controls. |
| T1543 | Create or Modify System Process | Container | Out of Scope | Host-level process manipulation. Requires node hardening. |
| T1671 | Cloud Application Integration | Cloud | Out of Scope | OAuth app registration abuse. Requires app governance. |
| T1137 | Office Application Startup | Cloud | N/A | Office macro persistence. Not relevant to K8s. |
Privilege Escalation — 1 partial, 3 out of scope
How adversaries gain higher-level permissions. Phantom's primary defense here is that even with elevated cloud privileges, secrets remain in a separate EU-controlled domain.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1611 | Escape to Host | Container | Partial | Container escape gives host access, but with Confidential VMs (SEV-SNP), process memory is hardware-encrypted. Secrets remain protected even after escape. |
| T1548 | Abuse Elevation Control Mechanism | Cloud | Out of Scope | Cloud IAM privilege escalation. Requires least-privilege IAM. |
| T1484 | Domain or Tenant Policy Modification | Cloud | Out of Scope | Org policy changes. Requires policy monitoring. |
| T1068 | Exploitation for Privilege Escalation | Container | Out of Scope | Kernel/runtime exploits. Requires patching and seccomp profiles. |
Confidential Computing upgrade
T1611 (Escape to Host) is the most critical container privilege escalation. With Confidential VMs, even a full host compromise cannot read encrypted process memory — making this a strong protection when combined with Phantom.
Defense Evasion — 5 partial, 6 out of scope, 1 N/A
How adversaries avoid detection. Phantom's webhook and mTLS create independent defense layers that are harder to evade than cloud-native controls.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1578 | Modify Cloud Compute Infrastructure | Cloud | Partial | Attacker snapshots VM or modifies instances. With Confidential VMs, snapshots contain encrypted memory. Without them, this is a real threat. |
| T1562 | Impair Defenses | Cloud Container | Partial | Webhook is an admission-level defense. Disabling it requires K8s API access, which is auditable. Can be hardened with failClosed policy. |
| T1656 | Impersonation | Cloud | Partial | mTLS between sidecar and OpenBao prevents service impersonation for secret retrieval. Certs are EU-managed. |
| T1550 | Use Alternate Authentication Material | Cloud Container | Partial | Phantom tokens are short-lived and separate from cloud tokens. Stolen cloud tokens don't grant OpenBao access. |
| T1612 | Build Image on Host | Container | Partial | Webhook can block pods running locally-built images that aren't in trusted registries. |
| T1211 | Exploitation for Defense Evasion | Cloud | Out of Scope | Zero-day exploitation. Requires defense-in-depth and patching. |
| T1564 | Hide Artifacts | Cloud | Out of Scope | Hidden cloud resources. Requires cloud inventory monitoring. |
| T1070 | Indicator Removal | Cloud Container | Out of Scope | Log deletion. Requires immutable logging (e.g., external SIEM). |
| T1666 | Modify Cloud Resource Hierarchy | Cloud | Out of Scope | Org/folder manipulation. Requires organizational controls. |
| T1535 | Unused/Unsupported Cloud Regions | Cloud | Out of Scope | Deploying to obscure regions. Requires org policy constraints. |
| T1036 | Masquerading | Container | Out of Scope | Disguised container names/images. Requires image verification. |
| T1672 | Email Spoofing | Cloud | N/A | Email-based attack. Not relevant to K8s infrastructure. |
Credential Access — 4 protected, 4 partial, 1 out of scope, 2 N/A ★ Core Protection
This is Phantom's primary battleground
Credential Access is where Phantom delivers its strongest value. 4 techniques are directly protected and 4 more are partially covered. The core design — secrets in process memory only, EU-managed PKI, separate auth chain — addresses the fundamental ways attackers steal credentials.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1552 | Unsecured Credentials | Cloud Container | Protected | CORE. Secrets never written to etcd, env vars, configmaps, volumes, or any cloud-accessible store. They exist only in process memory. |
| T1528 | Steal Application Access Token | Cloud Container | Protected | OpenBao tokens are short-lived, in-memory, and scoped to specific pod identities. No persistent tokens to steal. |
| T1555 | Credentials from Password Stores | Cloud | Protected | Secrets are NOT in any cloud-native secret store (GCP Secret Manager, AWS Secrets Manager, etc.). They're in EU-hosted OpenBao. |
| T1040 | Network Sniffing | Cloud | Protected | mTLS between sidecar and OpenBao. All secret transit is encrypted with EU-managed certificates. |
| T1110 | Brute Force | Cloud Container | Partial | OpenBao supports rate limiting and lockout. Separate auth system from cloud IAM. |
| T1606 | Forge Web Credentials | Cloud | Partial | Phantom uses a separate credential chain (mTLS certs, not SAML/OAuth). Forging cloud tokens doesn't grant secret access. |
| T1649 | Steal or Forge Authentication Certificates | Cloud | Partial | PKI is EU-managed, separate from cloud provider's CA. Attacking cloud PKI doesn't compromise the Phantom cert chain. |
| T1556 | Modify Authentication Process | Cloud | Partial | Modifying cloud IdP doesn't affect OpenBao auth. Phantom's auth chain is independent. |
| T1212 | Exploitation for Credential Access | Cloud | Out of Scope | Zero-day exploitation of credential systems. Requires patching and hardening. |
| T1621 | Multi-Factor Authentication Request Generation | Cloud | N/A | MFA fatigue attacks. Not relevant to machine-to-machine auth. |
| T1539 | Steal Web Session Cookie | Cloud | N/A | Browser session theft. Phantom doesn't use web sessions for secret delivery. |
Discovery — 1 partial, 15 out of scope
How adversaries explore and map the environment. Discovery is largely outside Phantom's scope — these are reconnaissance activities that require network segmentation, RBAC, and monitoring.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1619 | Cloud Storage Object Discovery | Cloud | Partial | Secrets aren't in cloud storage objects. Attackers can enumerate buckets but won't find secrets there. |
| T1087 | Account Discovery | Cloud | Out of Scope | Enumerating accounts. Requires RBAC restrictions. |
| T1580 | Cloud Infrastructure Discovery | Cloud | Out of Scope | Mapping cloud resources. Requires least-privilege IAM. |
| T1538 | Cloud Service Dashboard | Cloud | Out of Scope | Console access. Requires MFA and session controls. |
| T1526 | Cloud Service Discovery | Cloud | Out of Scope | Enumerating cloud services. Requires IAM restrictions. |
| T1680 | Local Storage Discovery | Cloud | Out of Scope | Browsing local storage. Secrets aren't on disk. |
| T1654 | Log Enumeration | Cloud | Out of Scope | Reading logs. Requires log access controls. |
| T1046 | Network Service Discovery | Cloud Container | Out of Scope | Port scanning. Requires network policies. |
| T1201 | Password Policy Discovery | Cloud | Out of Scope | Enumerating password policies. Low impact for machine auth. |
| T1069 | Permission Groups Discovery | Cloud Container | Out of Scope | Mapping RBAC groups. Requires RBAC restrictions. |
| T1518 | Software Discovery | Cloud | Out of Scope | Identifying installed software. Requires runtime security. |
| T1082 | System Information Discovery | Cloud | Out of Scope | OS/hardware enumeration. Low impact for secret protection. |
| T1614 | System Location Discovery | Cloud | Out of Scope | Determining geo-location. Not directly relevant. |
| T1049 | System Network Connections Discovery | Cloud | Out of Scope | Network mapping. Requires network policies. |
| T1613 | Container and Resource Discovery | Container | Out of Scope | Enumerating pods/services. Requires K8s RBAC. |
Lateral Movement — 3 out of scope, 1 N/A
How adversaries move through the environment. Phantom's isolation model means compromising one component doesn't grant access to secrets in another — but preventing lateral movement itself requires network controls.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1021 | Remote Services | Cloud | Out of Scope | SSH, RDP, cloud serial console. Requires access controls and bastion hosts. |
| T1080 | Taint Shared Content | Cloud | Out of Scope | Poisoning shared storage. Requires integrity monitoring. |
| T1072 | Software Deployment Tools | Cloud | Out of Scope | Abusing deployment tools for lateral movement. Requires pipeline security. |
| T1534 | Internal Spearphishing | Cloud | N/A | Internal phishing. Not relevant to machine-to-machine infrastructure. |
Collection — 2 protected, 2 out of scope, 1 N/A ★ Strong Coverage
How adversaries gather data of interest. Phantom ensures secrets are absent from the locations where attackers typically look — cloud storage, information repositories, and configuration stores.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1530 | Data from Cloud Storage | Cloud | Protected | Secrets are never stored in cloud storage (S3, GCS, Azure Blob). Nothing to collect. |
| T1213 | Data from Information Repositories | Cloud | Protected | Secrets never written to wikis, repos, SharePoint, or other information stores. |
| T1119 | Automated Collection | Cloud | Out of Scope | Automated scripts collecting data. Application-level concern. |
| T1074 | Data Staged | Cloud | Out of Scope | Staging exfiltration data. Requires DLP controls. |
| T1114 | Email Collection | Cloud | N/A | Email harvesting. Not relevant to K8s infrastructure. |
Exfiltration — 1 partial, 2 out of scope
How adversaries steal data. Phantom ensures secrets can't be exfiltrated from cloud infrastructure because they aren't stored there — but application-level data exfiltration requires separate controls.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1537 | Transfer Data to Cloud Account | Cloud | Partial | Attacker copies cloud data to their account. Secrets aren't in cloud-accessible storage to copy. |
| T1048 | Exfiltration Over Alternative Protocol | Cloud | Out of Scope | Data exfiltration via DNS, ICMP, etc. Requires network monitoring. |
| T1567 | Exfiltration Over Web Service | Cloud | Out of Scope | Data exfiltration to external services. Requires egress controls. |
Impact — 1 partial, 9 out of scope, 1 N/A
How adversaries disrupt, destroy, or manipulate. Phantom doesn't prevent destructive attacks, but its architecture means secrets survive infrastructure destruction because they're managed externally.
| ID | Technique | Matrix | Status | Notes |
|---|---|---|---|---|
| T1486 | Data Encrypted for Impact | Cloud | Partial | Ransomware can't encrypt secrets because they're in EU-hosted OpenBao, not in cloud infrastructure. Secrets survive cloud-side ransomware. |
| T1531 | Account Access Removal | Cloud | Out of Scope | Locking out admins. Requires break-glass procedures. |
| T1485 | Data Destruction | Cloud Container | Out of Scope | Deleting data. Secrets are safe in OpenBao, but app data requires backups. |
| T1491 | Defacement | Cloud | Out of Scope | Website/service defacement. Application-level concern. |
| T1499 | Endpoint Denial of Service | Cloud Container | Out of Scope | Service disruption. Requires rate limiting and scaling. |
| T1657 | Financial Theft | Cloud | Out of Scope | Crypto mining, billing abuse. Requires billing alerts. |
| T1490 | Inhibit System Recovery | Cloud Container | Out of Scope | Deleting backups/snapshots. Requires backup protection. |
| T1498 | Network Denial of Service | Cloud Container | Out of Scope | DDoS. Requires cloud DDoS protection. |
| T1496 | Resource Hijacking | Cloud Container | Out of Scope | Cryptojacking. Requires resource monitoring. |
| T1489 | Service Stop | Cloud | Out of Scope | Stopping services. Requires HA and access controls. |
| T1667 | Email Bombing | Cloud | N/A | Email-based disruption. Not relevant to K8s. |
Coverage by Tactic
| Tactic | Total | Protected | Partial | Out of Scope | N/A |
|---|---|---|---|---|---|
| Credential Access | 11 | 4 | 4 | 1 | 2 |
| Collection | 5 | 2 | 0 | 2 | 1 |
| Defense Evasion | 12 | 0 | 5 | 6 | 1 |
| Execution | 9 | 0 | 5 | 3 | 1 |
| Initial Access | 7 | 0 | 2 | 2 | 3 |
| Persistence | 8 | 0 | 2 | 5 | 1 |
| Exfiltration | 3 | 0 | 1 | 2 | 0 |
| Privilege Escalation | 4 | 0 | 1 | 3 | 0 |
| Impact | 11 | 0 | 1 | 9 | 1 |
| Discovery | 16 | 0 | 1 | 15 | 0 |
| Lateral Movement | 4 | 0 | 0 | 3 | 1 |
| Total | 85 | 6 | 21 | 48 | 10 |
Confidential Computing Multiplier
When Phantom is deployed on Confidential VM nodes (AMD SEV-SNP / Intel TDX), several techniques that are "partial" or "out of scope" gain significant additional protection because the hypervisor cannot read process memory:
| ID | Technique | Without Confidential VMs | With Confidential VMs |
|---|---|---|---|
| T1611 | Escape to Host | Partial | Protected |
| T1578 | Modify Cloud Compute Infrastructure | Partial | Protected |
| T1552 | Unsecured Credentials (memory dump vector) | Protected | Protected+ |
| T1609 | Container Administration Command | Partial | Partial+ |
With Confidential VMs: 8 protected, 20 partial
Confidential Computing upgrades 2 techniques from partial to fully protected. The webhook can enforce confidential node scheduling via node affinity and taints, making this a zero-configuration upgrade path.
Key Takeaways
Strongest where it matters most
Phantom achieves 73% coverage (4 protected + 4 partial out of 11) in Credential Access — the tactic most directly related to data sovereignty and secret protection. This is not a generic security tool trying to cover everything; it's a focused solution that excels at its core mission.
Complement, don't replace
48 techniques are out of scope. Customers still need: cloud IAM controls, network policies, runtime security (Falco/Tetragon), SIEM/logging, vulnerability management, and DDoS protection. Phantom handles the data sovereignty layer — everything else remains the customer's responsibility.
CLOUD Act specific value
The techniques most relevant to a CLOUD Act compelled disclosure scenario are T1552 (Unsecured Credentials), T1555 (Credentials from Password Stores), T1530 (Data from Cloud Storage), T1578 (Modify Cloud Compute Infrastructure / VM snapshot), and T1213 (Data from Information Repositories). Phantom provides Protected or Partial coverage for all five. With Confidential VMs, all five become fully Protected.
Data Sources
Based on MITRE ATT&CK v16+ (October 2025 update). Enterprise matrix: 216 techniques total, of which the Cloud matrix contains ~89 and Containers matrix contains ~39 unique techniques. Combined and deduplicated: 85 unique techniques relevant to Phantom's operating environment.
- MITRE ATT&CK Cloud Matrix — attack.mitre.org/matrices/enterprise/cloud/
- MITRE ATT&CK Containers Matrix — attack.mitre.org/matrices/enterprise/containers/
- Assessment reflects Phantom's architecture as described in the Security Analysis and Architecture pages