risks / Account persistence


Allows an attacker to maintain access to the target system by manipulating existing accounts or creating new accounts. This can include modifying credentials and permission groups and other activity designed to subvert security policies.


This risk allows an attacker to significantly increase the scope of an attack, or the sensitivity of accessed systems.


  1. Use least-privileged access
  2. Use multi-factor authentication for user and privileged accounts
  3. Use firewalls and other access control mechanisms to isolate critical systems


  1. https:/​/​attack.mitre.org/​techniques/​T1098/​
  2. https:/​/​attack.mitre.org/​techniques/​T1136/​

Affected Privileges

An attacker may be able to exploit this risk if they gain any of the following privileges:

Google Cloud Platform

© 2023–present P0 Security and contributors to the IAM Privilege Catalog