V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
← Back to List
T1098Enterprise
Matrix: Enterprise
Status: Active
STIX: 19.0
Source ↗

Account Manipulation

Adversaries may manipulate accounts to maintain and/or elevate access to victim systems. Account manipulation may consist of any action that preserves or modifies adversary access to a compromised account, such as modifying credentials or permission groups. These actions could also include account activity designed to subvert security policies, such as performing iterative password updates to bypass password duration policies and preserve the life of compromised credentials. In order to create or manipulate accounts, the adversary must already have sufficient permissions on systems or the domain. However, account manipulation may also lead to privilege escalation where modifications grant access to additional roles, permissions, or higher-privileged Valid Accounts.

Tactics

PersistencePrivilege Escalation

Sub-techniques

T1098.001
Additional Cloud Credentials
T1098.002
Additional Email Delegate Permissions
T1098.003
Additional Cloud Roles
T1098.004
SSH Authorized Keys
T1098.005
Device Registration
T1098.006
Additional Container Cluster Roles
T1098.007
Additional Local or Domain Groups

Platforms

ContainersESXiIaaSIdentity ProviderLinuxmacOSNetwork DevicesOffice SuiteSaaSWindows

Mitigations

M1018
User Account Management
M1022
Restrict File and Directory Permissions
M1026
Privileged Account Management
M1028
Operating System Configuration
M1030
Network Segmentation
M1032
Multi-factor Authentication
M1042
Disable or Remove Feature or Program
Open in catalog with ATT&CK filter →

Related CAPECs

Affected vulnerabilities (Inferred)

View on attack.mitre.org ↗
No matches — refine the filter to see a result.