ATT&CK v19 Release Introduces Major Changes in Defense Evasion Tactics

ATT&CK v19 Release Introduces Major Changes in Defense Evasion Tactics

First seen 28 Apr 2026, 16:38 UTC Mediumattack.mitre.orgIndustrialcyber.Cona.eventscloud.com 90% similarity 27.9

Article Content

Browse articles
ThreatCluster

The ATT&CK framework has released version 19, which includes significant updates to its structure and coverage. Notably, the Defense Evasion Tactic has been split into two distinct categories: Stealth and Defense Impairment, allowing for more precise defensive strategies. This version also introduces sub-techniques for the ICS matrix and initial detection strategies for mobile environments. The updates reflect the evolving landscape of cyber threats, including AI-driven espionage and Iranian hacktivism. The release includes a detailed changelog and guidance for transitioning to the new tactics. The framework now encompasses 949 pieces of software, 178 groups, and 59 campaigns, providing a comprehensive overview of current threat actors and their methods. Security professionals are encouraged to review the changes to enhance their defensive postures against emerging threats.

Key Points: • ATT&CK v19 introduces a split in Defense Evasion into Stealth and Defense Impairment. • New sub-techniques for ICS and detection strategies for mobile environments are included. • The release features a detailed changelog and guidance for transitioning to the updated tactics.

ThreatCluster AI

Timeline

2026-04-28
ATT&CK v19 released with major updates and structural changes.

Community

Browse all →