MITRE ATT&CK
@attack.mitre.org
MITRE ATT&CK® - A knowledge base for describing the behavior of adversaries. Replying/Following/Reposting ≠ endorsement.
Virtual registration for ATT&CKcon 6.0 is open! We hope you'll choose to join us in person at ATT&CK's home in McLean, VA October 14-15... But if you can't, catch the action for free online by registering at na.eventscloud.com/attackcon6/. Catch all of our talks & some exclusive online only content.
The ATT&CKcon 6.0 talk lineup is now live! Check out our fabulous group of speakers, or pick up a ticket to join us October 14-15 in McLean, VA at na.eventscloud.com/attackcon6. Only able to join us virtually? Hang tight, virtual registration opens September 3rd.
Want to learn even more detail about v18? We'll be covering it in depth at ATT&CKcon 6.0 October 14-15. In-person tickets are onsite now at na.eventscloud.com/attackcon6, with virtual registration coming in early September.
ATT&CKcon 6.0
MITRE ATT&CKcon | October 14 - 15, 2025
na.eventscloud.com
Are you ready to celebrate National Chocolate Day this October 28th? We will be, by releasing ATT&CK v18, our next version of MITRE ATT&CK!

We'll be releasing our usual updates to Techniques and Groups, but check out some big defensive changes on the way in this release (medium.com/mitre-attack...).
The ATT&CK team is out at #hackersummercamp and happy to chat, meet up, or just share some stickers. Drop a DM or stop by an appearance if you’re interested in saying hi!
Headed for Vegas for @bsideslv.org, @defcon.bsky.social, and @blackhatevents.bsky.social! I have hundreds of @attack.mitre.org stickers and will be popping up Friday 11am on DEF CON Creator Stage 2 (defcon.org/html/defcon-...), and for a short talk in the AttackIQ BH booth (#5030) Wed 11am.
In-person ATT&CKcon 6.0 ticket sales are open! Come join us October 14-15 at ATT&CK HQ in McLean, VA. na.eventscloud.com/attackcon6/

We're almost set to announce this year's exciting speaker lineup and will open virtual registration Sep 3rd, so stay tuned!
Tonight's the night! The ATT&CKcon 6.0 CFP will automatically stop accepting submissions at 8pm ET tonight. Historically we get about half of our submissions today, so all you procrastinators are in good company.

Give it your best shot at openconf.org/ATTACKCON2025.
ALT: a man in a black shirt and tie is holding a pen and a notebook and says you 're on my list
Wondering about tickets for ATT&CKcon 6.0? Details are coming soon.
We are excited to announce our ATT&CKcon 6.0 keynote, Lillian Teng! Lillian's worn numerous hats in cyber at NCIS, FBI, Yahoo, and Capital One and has served with the KC7 Foundation, GirlSecurity, and LEAP.

Want to also join us on stage? CFP closes Wed night! www.openconf.org/ATTACKCON2025.
Looking to attend in-person or virtually? Hang tight, ticket sales will be announced in the coming months.
Interested in sponsoring ATT&CKcon? We have a couple slots left, and you can find out more at na.eventscloud.com/attackcon6.
We're looking for what's practical, what's aspirational, and what you should never ever do with ATT&CK. We're looking to hear from the community on any and all applications of ATT&CK. From managers to operators, if you're using ATT&CK we want to hear from you.
The MITRE ATT&CKcon 6.0 CFP is now open! Are you interested in joining us on the ATT&CKcon stage in McLean, VA October 14-15, 2025? Pitch us on your best ATT&CK related talk! Our CFP will close on July 9th at 8pm ET sharp, so get those proposals started.
www.openconf.org/ATTACKCON202...
And make sure to check out the ESXi material on ATT&CK including T1675 cloud.google.com/blog/topics/...

And see the entire ATT&CK v17 release for more information medium.com/mitre-attack...
Google’s reporting details UNC3886, a Chinese cyber espionage group, using a zero-day vulnerability that enabled the execution of privileged commands across guest virtual machines without authentication of guest credentials from a compromised ESXi host and no default logging on guest VMs.
T1675 describes activity in which an adversary abuses ESXi admin services to execute commands on guest machines.
One of the big updates for ATT&CK v17 was the new platform ESXi, which reflects the rise in attacks on virtualization infrastructure. The technique we’re spotlighting today is new to ATT&CK: T1675 ESXi Administration Command attack.mitre.org/techniques/T...
ESXi Administration Command, Technique T1675 - Enterprise | MITRE ATT&CK®
We’re currently reading Google’s reporting on VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors cloud.google.com/blog/topics/...
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors | Mandiant | Google Cloud Blog
An old idea that still holds true: Fight the enemy where they aren’t. Threat actors take this advice to heart by avoiding Endpoint Detection and Response solutions and targeting systems that do not generally support EDR such as VMware ESXi hosts.
Signal is a powerful end-to-end encrypted chat app. At the end of the day, that doesn’t help at all when you’re being spearphished. In fact, the lack of visibility and detection inherent in an encrypted chat app could even potentially hurt. That’s a wrinkle requiring vigilance on all parts.
This behavior maps to T1566.003 Phishing: Spearphishing via Service, a technique in which adversaries send messages through various non-enterprise controlled services in large part because they are more likely to have a less-strict security policy than an enterprise. attack.mitre.org/techniques/T...
Phishing: Spearphishing via Service, Sub-technique T1566.003 - Enterprise | MITRE ATT&CK®