TA0008ATT&CK 14.1

TA0008Lateral Movement

Description

The adversary is trying to move through your environment. Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier.

Techniques in this tactic· 11

T1021
Remote Services
T1072
Software Deployment Tools
T1080
Taint Shared Content
T1091
Replication Through Removable Media
T1210
Exploitation of Remote Services
T1506
Web Session Cookie
T1527
Application Access Token
T1534
Internal Spearphishing
T1550
Use Alternate Authentication Material
T1563
Remote Service Session Hijacking
T1570
Lateral Tool Transfer

Sub-techniques in this tactic· 14

T1021.001T1021.002T1021.003T1021.004T1021.005T1021.006T1021.007T1021.008T1550.001T1550.002T1550.003T1550.004T1563.001T1563.002

References

  1. https://attack.mitre.org/tactics/TA0008

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Tactic
Command and Control
Tactic
Privilege Escalation
Tactic
Exfiltration
Tactic
Initial Access
Tactic
Execution
Tactic
Discovery
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, Founder at SQUR.