T1555
Credentials from Password Stores
Credential Access
Description
Adversaries may search for common password storage locations to obtain user credentials. (Citation: F-Secure The Dukes) Passwords are stored in several places on a system, depending on the operating system or application holding the credentials. There are also specific applications and services that store passwords to make them easier for users to manage and maintain, such as password managers and cloud secrets vaults. Once credentials are obtained, they can be used to perform lateral movement and access restricted information.
Platforms
IaaS, Linux, macOS, Windows
Mitigations
- M1026 — Privileged Account Management
- M1051 — Update Software
- M1027 — Password Policies
Our coverage
- LummaC2 Infostealer Targets US Critical Infrastructure: CISA-FBI Advisory AA25-141B and DOJ Domain Seizures
- PCPJack Cloud Worm Evicts TeamPCP and Steals 40+ Credential Types at Scale
- Attackers Abuse Bun JavaScript Runtime to Spread NWHStealer Infostealer
- ACSC Warns: ClickFix Campaign Delivers Vidar Stealer via Compromised Australian WordPress Sites
- UAT-8302 China APT Malware Analysis: Shared Implants, IOCs, and Detection Rules
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →