What is the MITRE ATT&CK framework?

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a public knowledge base of adversary behaviour, built from real-world observations of intrusions and organised so that defenders can describe, categorise and compare what attackers actually do. It is maintained by the MITRE Corporation, a non-profit organization that operates federally funded research and development centers for the US government, and has been publicly available since 2015.

The framework is presented as a matrix of tactics and techniques. Tactics are the adversary's short-term goals during an operation, the "why" of an action, such as gaining initial access, executing code, or exfiltrating data. Techniques are the "how": the specific ways an adversary achieves a tactic, such as phishing (T1566) for initial access or OS credential dumping (T1003) for credential access. Note that privilege escalation is itself a tactic, not a technique; the techniques under it are things like abusing a scheduled task or an access-token manipulation. Many techniques are split further into sub-techniques (spearphishing attachment is T1566.001), and the concrete, observed implementations of a technique by a particular group or malware family are called procedures.

The columns of the Enterprise matrix are the tactics themselves, fourteen at present: reconnaissance, resource development, initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, command and control, exfiltration, and impact. Each column lists the techniques that serve that tactic, and a single technique can appear under several tactics: scheduled task/job (T1053) serves execution, persistence and privilege escalation. Separate matrices cover mobile platforms and industrial control systems (ICS).

ATT&CK is widely used across the industry for threat modeling, threat hunting, detection engineering, adversary emulation and incident response. A common exercise is to map existing detections and log sources onto the matrix and look for tactics with no coverage: a team that can detect phishing and credential dumping but has nothing for lateral movement or exfiltration knows where to invest next. The caveat is that a technique marked "covered" on such a heat map usually means one procedure is detected, not every way the technique can be carried out. Because technique IDs are stable, they also give red teams, SOC analysts, vendors and threat-intelligence reports a shared vocabulary for describing what an adversary did.

The knowledge base is more than the matrix. Each technique entry carries a description, procedure examples from real intrusions, mitigations, detection guidance and the data sources (for example process creation or command execution logs) needed to observe it. Separate entries catalogue named adversary groups (APT29 is G0016), the software they use and the campaigns they have run, each linked to the techniques observed in them. The whole dataset is published on https://attack.mitre.org and as STIX 2.1 JSON bundles in the mitre-attack/attack-stix-data repository on GitHub, so it can be loaded and queried programmatically, and the ATT&CK Navigator tool lets teams build and compare coverage layers over the matrix.
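The following is an added example, not code from the page or from MITRE, showing how the tactic/technique/sub-technique structure described above looks once the STIX data is loaded. The bundle embedded here is constructed by hand and covers only a few techniques; it mirrors the field layout of the public ATT&CK STIX data (an attack-pattern object per technique, the ATT&CK ID under external_references with source_name "mitre-attack", the tactic under kill_chain_phases, and revoked objects left in place), but the STIX object IDs are placeholders rather than the real UUIDs. The script indexes techniques by tactic in matrix order, resolves sub-techniques to their parent, and maps a list of technique IDs observed in an incident to the tactics they serve.

```python
import json
from collections import defaultdict

# The 14 Enterprise tactics in matrix (column) order; these are the
# phase_name values used in the ATT&CK STIX data.
ENTERPRISE_TACTICS = [
    "reconnaissance", "resource-development", "initial-access", "execution",
    "persistence", "privilege-escalation", "defense-evasion", "credential-access",
    "discovery", "lateral-movement", "collection", "command-and-control",
    "exfiltration", "impact",
]


def _matrix_order(tactic):
    """Sort key that keeps tactics in matrix order; unknown names sort last."""
    return ENTERPRISE_TACTICS.index(tactic) if tactic in ENTERPRISE_TACTICS else len(ENTERPRISE_TACTICS)


def _attack_pattern(ext_id, name, phases, revoked=False):
    """Build one attack-pattern object in the layout the ATT&CK STIX data uses.
    The STIX id is a placeholder (real data uses UUIDs)."""
    return {
        "type": "attack-pattern",
        "id": f"attack-pattern--{ext_id.lower()}",
        "name": name,
        "revoked": revoked,
        "x_mitre_is_subtechnique": "." in ext_id,
        "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": p} for p in phases],
        "external_references": [{
            "source_name": "mitre-attack",
            "external_id": ext_id,
            "url": f"https://attack.mitre.org/techniques/{ext_id.replace('.', '/')}",
        }],
    }


# Constructed sample bundle: real ATT&CK IDs and names, hand-written here.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--sample", "objects": [
    _attack_pattern("T1566", "Phishing", ["initial-access"]),
    _attack_pattern("T1566.001", "Spearphishing Attachment", ["initial-access"]),
    _attack_pattern("T1059", "Command and Scripting Interpreter", ["execution"]),
    _attack_pattern("T1059.001", "PowerShell", ["execution"]),
    _attack_pattern("T1053", "Scheduled Task/Job", ["execution", "persistence", "privilege-escalation"]),
    _attack_pattern("T1053.005", "Scheduled Task", ["execution", "persistence", "privilege-escalation"]),
    _attack_pattern("T1003", "OS Credential Dumping", ["credential-access"]),
    _attack_pattern("T1003.001", "LSASS Memory", ["credential-access"]),
    _attack_pattern("T1041", "Exfiltration Over C2 Channel", ["exfiltration"]),
    # T1086 (PowerShell) was revoked when it became sub-technique T1059.001.
    # Revoked objects stay in the published data and must be filtered out.
    _attack_pattern("T1086", "PowerShell", ["execution"], revoked=True),
]})


def attack_id(obj):
    """Return the ATT&CK ID (e.g. 'T1566.001') of a STIX object, or None."""
    for ref in obj.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def load_techniques(bundle_json):
    """Index live (not revoked, not deprecated) techniques by ATT&CK ID."""
    techniques = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = attack_id(obj)
        if not tid:
            continue
        tactics = sorted((p["phase_name"] for p in obj.get("kill_chain_phases", [])
                          if p.get("kill_chain_name") == "mitre-attack"), key=_matrix_order)
        techniques[tid] = {
            "name": obj["name"],
            "tactics": tactics,
            # Sub-technique IDs are <parent>.<nnn>, so the parent is the prefix.
            "parent": tid.split(".")[0] if obj.get("x_mitre_is_subtechnique") else None,
        }
    return techniques


def tactic_index(techniques):
    """Map each tactic (in matrix order) to the sorted IDs of techniques serving it."""
    index = defaultdict(list)
    for tid, info in techniques.items():
        for tactic in info["tactics"]:
            index[tactic].append(tid)
    return {t: sorted(ids) for t, ids in sorted(index.items(), key=lambda kv: _matrix_order(kv[0]))}


def tactics_for(techniques, observed_ids):
    """Resolve technique IDs seen in an incident to the distinct tactics they serve.
    A sub-technique with no phases of its own inherits its parent's."""
    tactics = set()
    for tid in observed_ids:
        if tid not in techniques:
            raise KeyError(f"{tid} is not a current technique in this bundle")
        phases = techniques[tid]["tactics"]
        parent = techniques[tid]["parent"]
        if not phases and parent in techniques:
            phases = techniques[parent]["tactics"]
        tactics.update(phases)
    return sorted(tactics, key=_matrix_order)


if __name__ == "__main__":
    techs = load_techniques(SAMPLE_BUNDLE)
    for tactic, ids in tactic_index(techs).items():
        print(f"{tactic:22} {', '.join(ids)}")
    # Constructed list of techniques an analyst might have observed in one intrusion.
    print("tactics observed:", tactics_for(techs, ["T1566.001", "T1059.001", "T1003.001", "T1041"]))
```

Against the real data the only change needed is to replace SAMPLE_BUNDLE with the contents of the Enterprise bundle from the attack-stix-data repository; the filtering on revoked and x_mitre_deprecated matters there, because superseded techniques such as T1086 are kept in the file for old references rather than deleted.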

Author: tonyhughes