MITRE ATT&CK — FreeIntelHub

T1557 — Adversary-in-the-Middle (Credential Access)

Clear filter

7 articles found

SC Media Data Breach 4d ago

The AiTM problem nobody's architecture actually solves

Accountability becomes the big issue following a breach – does the team know who’s responsible for what?

T1557 T1598

Mandiant Blog TTPs Google Intel May 15

Welcome to BlackFile: Inside a Vishing Extortion Operation

Written by: Austin Larsen, Tyler McLellan, Genevieve Stark, Dan Ebreo Introduction Google Threat Intelligence Group (GTIG) has continued to track an expansiv...

T1566 T1557

Mandiant Blog →

GBHackers Vulnerability Disclosure Google May 7

Hackers Exploit Google Ads to Steal GoDaddy ManageWP Logins

Hackers are abusing Google Ads to steal GoDaddy ManageWP credentials by placing a look‑alike phishing ad above the legitimate ManageWP result and proxying vi...

T1566 T1557

Microsoft Security Blog Campaigns Microsoft May 4

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise

Microsoft Defender Research observed a large-scale credential theft campaign that exemplifies this trend, using code of conduct-themed lures, a multi-step at...

T1566 T1078 T1557

Microsoft Security Blog →

Infosecurity Magazine Campaigns Google Mar 27

New Wave of AiTM Phishing Targets TikTok for Business

Push Security has uncovered a new AiTM phishing campaign targeting TikTok for Business accounts using Google and TikTok themed login pages

T1566 T1557

Infosecurity Magazine →

Infosecurity Magazine TTPs Mar 23

Tycoon2FA Phishing Service Resumes Activity Post-Takedown

Tycoon2FA phishing platform resumes activity post-takedown, leveraging AITM techniques to bypass MFA

T1566 T1557

Infosecurity Magazine →

ESET Research Campaigns Nov 19

PlushDaemon compromises network devices for adversary-in-the-middle attacks

ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks

T1557

ESET Research →

Initial Access

T1566 Phishing T1566.001 Spearphishing Attachment T1566.002 Spearphishing Link T1190 Exploit Public-Facing Application T1133 External Remote Services T1078 Valid Accounts T1195 Supply Chain Compromise T1189 Drive-by Compromise

Execution

T1059 Command and Scripting Interpreter T1059.001 PowerShell T1203 Exploitation for Client Execution T1204 User Execution

Persistence

T1053 Scheduled Task/Job T1547 Boot or Logon Autostart Execution T1543 Create or Modify System Process

Privilege Escalation

T1548 Abuse Elevation Control Mechanism T1068 Exploitation for Privilege Escalation

Defense Evasion

T1027 Obfuscated Files or Information T1562 Impair Defenses T1070 Indicator Removal

Credential Access

T1110 Brute Force T1555 Credentials from Password Stores T1003 OS Credential Dumping T1557 Adversary-in-the-Middle T1556 Modify Authentication Process

Discovery

T1046 Network Service Discovery

Lateral Movement

T1021 Remote Services

Command and Control

T1071 Application Layer Protocol T1573 Encrypted Channel T1572 Protocol Tunneling

Exfiltration

T1041 Exfiltration Over C2 Channel T1567 Exfiltration Over Web Service

Impact

T1486 Data Encrypted for Impact T1489 Service Stop T1498 Network Denial of Service T1491 Defacement T1529 System Shutdown/Reboot

Resource Development

T1583 Acquire Infrastructure T1588 Obtain Capabilities

Reconnaissance

T1592 Gather Victim Host Information T1598 Phishing for Information