MITRE ATT&CK / T1562
T1562
Impair Defenses
Description
Adversaries may maliciously modify components of a victim environment in order to hinder or disable defensive mechanisms. This not only involves impairing preventative defenses, such as firewalls and anti-virus, but also detection capabilities that defenders can use to audit activity and identify malicious behavior. This may also span both native defenses as well as supplemental capabilities installed by users and administrators.Adversaries may also impair routine operations that contribute to defensive hygiene, such as blocking users from logging out, preventing a system from shutting down, or disabling or modifying the update process. Adversaries could also target event aggregation and analysis mechanisms, or otherwise disrupt these procedures by altering other system components. These restrictions can further enable malicious operations as well as the continued propagation of incidents.(Citation: Google Cloud Mandiant UNC3886 2024)(Citation: Emotet shutdown)
Platforms
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- LummaC2 Infostealer Targets US Critical Infrastructure: CISA-FBI Advisory AA25-141B and DOJ Domain Seizures
- VENOMOUS#HELPER RMM Detection: Stop SimpleHelp and ScreenConnect Backdoors
- PRC State-Sponsored Telecom Router Compromise Detection: CISA AA25-239a Breakdown
- Fast16 Malware Reverse-Engineering: State-Sponsored Computation Sabotage Analysis
- DEEP#DOOR Python Backdoor Detection: YARA Rules, Network IOCs, and Credential Theft Defences
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →