Insider Threat Matrix™Insider Threat Matrix™
  • ID: IF039.003
  • Created: 07th July 2026
  • Updated: 07th July 2026
  • MITRE ATT&CK®: T1078T1078.001T1078.002T1078.003T1078.004
  • Contributor: The ITM Team

Illicit Access to a Service Account

A subject accesses or uses a service account, automation account, application identity, deployment account, or other non-personal account without being assigned, delegated, approved, or operationally authorized to use it. These accounts are typically created for system, application, administrative, automation, or integration functions rather than direct individual use.

 

This behavior may involve the subject independently obtaining or using credentials, keys, tokens, secrets, certificates, stored authentication material, or configuration artifacts associated with the service account. The defining behavior is that the subject uses a non-personal account outside the scope of any approved role, workflow, or administrative process.