ATT&CK v19 Release Introduces Major Changes in Defense Evasion Tactics

Severity: Low (Score: 27.9)

Sources: attack.mitre.org, Medium

Summary

MITRE ATT&CK version 19 brings significant changes to the framework's structure and coverage. The most visible is that the Defense Evasion tactic has been split into two tactics, Stealth and Defense Impairment, so that techniques that hide adversary activity are tracked separately from techniques that disable or degrade defenses, which lets defenders map and prioritise countermeasures more precisely. The release also introduces sub-techniques for the ICS matrix and the first detection strategies for mobile platforms. Updated group, software and campaign content reflects the current threat landscape, including AI-assisted espionage and Iranian hacktivism. A detailed changelog accompanies the release, together with guidance for transitioning existing mappings to the new tactics. The framework now documents 949 software entries, 178 groups and 59 campaigns. Security teams that tag detections, playbooks or coverage reports with ATT&CK tactics should review the changelog, since any mapping to Defense Evasion needs to be reassigned to one of the new tactics.

Key Points:

  • ATT&CK v19 splits Defense Evasion into two tactics, Stealth and Defense Impairment.
  • New sub-techniques for the ICS matrix and initial detection strategies for mobile platforms are included.
  • The release ships a detailed changelog and guidance for transitioning existing mappings to the new tactics.
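The transition guidance matters most to teams whose detections and coverage reports are tagged with ATT&CK tactic names. The script below is an added example, not code from MITRE or from the feed that produced this page: it reads two ATT&CK STIX 2.1 bundles (the format MITRE publishes in the attack-stix-data repository), reports every technique whose tactic set changed between them, and flags coverage entries whose claimed tactic no longer applies. The two embedded bundles are constructed for the example: the STIX object IDs, the rule names, and the tactic shortnames `stealth` and `defense-impairment` are assumptions, not values taken from the v19 data; the technique IDs T1003, T1027 and T1562 are real, but their assignments in the "new" bundle are illustrative only.

```python
"""Diff tactic assignments between two ATT&CK STIX bundles and flag stale
coverage mappings. Added example; bundles below are constructed sample data."""
import json
from typing import Dict, List, Set, Tuple

KILL_CHAIN = "mitre-attack"  # kill_chain_name used by Enterprise ATT&CK STIX data


def load_bundle(path: str) -> dict:
    """Load a real bundle, e.g. enterprise-attack-19.0.json from attack-stix-data."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def technique_tactics(bundle: dict) -> Dict[str, Set[str]]:
    """Map technique ID (e.g. T1003) -> set of tactic shortnames, ignoring
    revoked and deprecated attack-patterns, which ATT&CK keeps in the bundle."""
    out: Dict[str, Set[str]] = {}
    for obj in bundle.get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue
        tid = next((r["external_id"] for r in obj.get("external_references", [])
                    if r.get("source_name") == "mitre-attack" and "external_id" in r), None)
        if tid is None:
            continue
        out[tid] = {p["phase_name"] for p in obj.get("kill_chain_phases", [])
                    if p.get("kill_chain_name") == KILL_CHAIN}
    return out


def tactic_diff(old_bundle: dict, new_bundle: dict) -> Dict[str, Dict[str, List[str]]]:
    """Techniques present in both bundles whose tactic set changed."""
    old, new = technique_tactics(old_bundle), technique_tactics(new_bundle)
    diff: Dict[str, Dict[str, List[str]]] = {}
    for tid in sorted(set(old) & set(new)):
        if old[tid] != new[tid]:
            diff[tid] = {"removed": sorted(old[tid] - new[tid]),
                         "added": sorted(new[tid] - old[tid])}
    return diff


def stale_coverage(coverage: Dict[str, Tuple[str, str]],
                   new_bundle: dict) -> Dict[str, Dict[str, object]]:
    """coverage maps rule name -> (technique_id, claimed tactic). Returns the
    rules whose claimed tactic the technique no longer carries in new_bundle."""
    current = technique_tactics(new_bundle)
    stale: Dict[str, Dict[str, object]] = {}
    for rule, (tid, claimed) in coverage.items():
        now = current.get(tid)
        if now is None or claimed not in now:
            stale[rule] = {"technique": tid, "claimed": claimed,
                           "current": sorted(now) if now else []}
    return stale


def _ap(n: int, tid: str, name: str, *tactics: str, revoked: bool = False) -> dict:
    # Constructed attack-pattern; the object ID is a placeholder, not MITRE's.
    return {"type": "attack-pattern", "name": name, "revoked": revoked,
            "id": f"attack-pattern--00000000-0000-4000-8000-{n:012d}",
            "external_references": [{"source_name": "mitre-attack", "external_id": tid,
                                     "url": f"https://attack.mitre.org/techniques/{tid}"}],
            "kill_chain_phases": [{"kill_chain_name": KILL_CHAIN, "phase_name": t}
                                  for t in tactics]}


# Constructed "before" bundle: both evasion techniques sit under defense-evasion.
OLD_BUNDLE = {"type": "bundle", "objects": [
    _ap(1, "T1003", "OS Credential Dumping", "credential-access"),
    _ap(2, "T1027", "Obfuscated Files and Information", "defense-evasion"),
    _ap(3, "T1562", "Impair Defenses", "defense-evasion"),
]}
# Constructed "after" bundle: assumed shortnames for the two new tactics, plus a
# revoked copy of T1027 left in the data to show that it must be ignored.
NEW_BUNDLE = {"type": "bundle", "objects": [
    _ap(1, "T1003", "OS Credential Dumping", "credential-access"),
    _ap(4, "T1027", "Obfuscated Files and Information", "stealth"),
    _ap(5, "T1562", "Impair Defenses", "defense-impairment"),
    _ap(2, "T1027", "Obfuscated Files and Information", "defense-evasion", revoked=True),
]}
# Constructed coverage inventory: rule name -> (technique, tactic it was filed under).
COVERAGE = {"rule_obfuscated_payload": ("T1027", "defense-evasion"),
            "rule_defender_disabled": ("T1562", "defense-evasion"),
            "rule_lsass_dump": ("T1003", "credential-access")}

if __name__ == "__main__":
    print(json.dumps(tactic_diff(OLD_BUNDLE, NEW_BUNDLE), indent=2))
    print(json.dumps(stale_coverage(COVERAGE, NEW_BUNDLE), indent=2))
```

With real data, replace the two constructed bundles with `load_bundle("enterprise-attack-18.1.json")` and `load_bundle("enterprise-attack-19.0.json")` (or whichever versions you are migrating between) and feed `stale_coverage` the technique/tactic pairs exported from your detection platform; the revoked-object filter matters because ATT&CK retains revoked and deprecated objects under their original IDs, and a naive pass would overwrite the live entry with the old tactic.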

Key Entities

  • Agrius (apt_group)
  • APT38 (apt_group)
  • APT41 (apt_group)
  • APT5 (apt_group)
  • Aquatic Panda (apt_group)
  • Akira (ransomware_group)
  • Egregor (ransomware_group)
  • Maze (ransomware_group)
  • Avaddon (ransomware_group)
  • LockBit (ransomware_group)
  • Grandoreiro (malware)
  • Agent Tesla (malware)
  • Conficker (malware)
  • DarkComet (malware)
  • DarkGate (malware)
  • Malware (attack_type)
  • Phishing (attack_type)
  • Supply Chain Attack (attack_type)
  • 2015 Ukraine Electric Power Attack (campaign)
  • Iran (country)
  • People's Republic of China (country)
  • Ukraine (country)
  • CVE-2024-55591 (cve)
  • attack.mitre.org (domain)
  • dsupgrade.pm (domain)
  • Mango (company)
  • IObit (company)
  • T1003 - OS Credential Dumping (mitre_attack)
  • T1021 - Remote Services (mitre_attack)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1047 - Windows Management Instrumentation (mitre_attack)
  • T1053 - Scheduled Task/Job (mitre_attack)
  • Android (platform)
  • Cisco ASA (platform)
  • iOS (platform)
  • Linux (platform)
  • macOS (platform)
  • GMER (tool)
  • PowerShell (tool)
  • PowerTool (tool)
  • PsExec (tool)