Skip to content

Google GCM Service Account

Service Name: Google Cloud Platform

Service Description: Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, offering various services for computing, storage, networking, big data, machine learning and the Internet of Things (IoT).

Service Address: https://cloud.google.com/

GOOGLE GCM Service Account

  • Validation Type: NHI Enriched
  • IP Allow list: Does not exist
  • Secret Access Scope: Grants access to Google Cloud Messaging (GCM) services and resources associated with the service account.
  • Secret Revokement URL: https://console.cloud.google.com/iam- admin/serviceaccounts
  • Secret Example: {"type":"service_account","project_id":"my-project- 123456","private_key_id":"abcdef1234567890abcdef1234567890abcdef12","pri vate_key":"-----BEGIN PRIVATE KEY----- \nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC7VJTUt9Us8cKj\nMzEf YyjiWA4R4/M2bS1GB4t7NXp98C3SC6dVMvDuictGeurT8jNbvJZHtCSuYEvu\nNMoSfm76oq FvAp8Gy0iz5sxjZmSnXyCdPEovGhLa0VzMaQ8s+CLOyS56YyCFGeJZ\n-----END PRIVATE KEY-----\n","client_email":"service-account@my-project- 123456.iam.gserviceaccount.com","client_id":"123456789012345678901","aut h_uri":"https://accounts.google.com/o/oauth2/auth","token_uri":"https:// oauth2.googleapis.com/token","auth_provider_x509_cert_url":"https://www. googleapis.com/oauth2/v1/certs","client_x509_cert_url":"https://www.goog leapis.com/robot/v1/metadata/x509/service-account%40my-project- 123456.iam.gserviceaccount.com"}
  • Suspicious Activity Investigation Instructions:
  • Review Google Cloud audit logs for unauthorized API calls or resource access
  • Check for unusual authentication events in the Google Cloud Console
  • Examine service account usage patterns for anomalies
  • Look for unexpected changes to service account permissions
  • Monitor for unusual geographic access patterns
  • Mitigation Instructions:
  • Immediately disable the compromised service account in the Google Cloud Console
  • Navigate to IAM & Admin > Service Accounts
  • Select the compromised service account and click "Disable"
  • Create a new service account with appropriate permissions
  • Rotate all keys associated with the compromised service account
  • Review and restrict the permissions granted to service accounts
  • Enable audit logging for service account activities
  • Consider implementing VPC Service Controls to restrict service account access