216.73.217.80

T1213.006: Databases

View on MITRE ATT&CK The MITRE Corporation · Published 22/05/2025 21:02 · Modified 27/03/2026 01:08

Essential information

MITRE technique ID
T1213.006
Confidence
100/100
Revoked
No
Published
22/05/2025 21:02
Modified
27/03/2026 01:08
Author / Source
The MITRE Corporation

Platforms

windows macos linux IaaS SaaS

Description

Adversaries may leverage databases to mine valuable information. These databases may be hosted on-premises or in the cloud (both in platform-as-a-service and software-as-a-service environments). Examples of databases from which information may be collected include MySQL, PostgreSQL, MongoDB, Amazon Relational Database Service, Azure SQL Database, Google Firebase, and Snowflake. Databases may include a variety of information of interest to adversaries, such as usernames, hashed passwords, personally identifiable information, and financial data. Data collected from databases may be used for [Lateral Movement](https://attack.mitre.org/tactics/TA0008), [Command and Control](https://attack.mitre.org/tactics/TA0011), or [Exfiltration](https://attack.mitre.org/tactics/TA0010). Data exfiltrated from databases may also be used to extort victims or may be sold for profit.(Citation: Google Cloud Threat Intelligence UNC5537 Snowflake 2024)

Kill chain phases

Kill chainPhase
mitre-attack collection

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references