Back to glossary

MITRE ATT&CK Framework

A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.

AbbreviationATT&CK
Categorysecurity

Overview

MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is the industry-standard framework for understanding and describing cyberattacks. It provides a common language for security teams to share information about attacker behavior.

The Matrix Structure

  • Tactics: The 'why' of an attack (e.g., Initial Access, Persistence, Exfiltration). These are the high-level goals of the attacker.
  • Techniques: The 'how' of an attack (e.g., Phishing, DLL Side-Loading, Data Compressed). These are the specific methods used to achieve a tactic.
  • Sub-techniques: More granular descriptions of specific techniques.
  • Procedures: The specific implementation of a technique by a particular threat actor (TTPs).

Use Cases

  • Threat Hunting: Searching for specific techniques within an environment.
  • Red Teaming: Designing realistic attack simulations.
  • Security Assessment: Mapping existing defenses against known attacker techniques.
  • Threat Intelligence: Categorizing and sharing information about new attack campaigns.

Related Terms

Cyber Kill Chain