<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Attack.t1489 — CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/tags/attack.t1489/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata — refreshed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 09 Jan 2024 14:30:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/tags/attack.t1489/feed.xml" rel="self" type="application/rss+xml"/><item><title>Linux Service Stop and Disable Detection</title><link>https://feed.craftedsignal.io/briefs/2024-01-09-linux-service-disable/</link><pubDate>Tue, 09 Jan 2024 14:30:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-09-linux-service-disable/</guid><description>Attackers may halt or disable security services on Linux systems to evade defenses, maintain persistence, or disrupt operations; this activity can be detected through the use of utilities such as 'systemctl', 'service', and 'chkconfig'.</description><content:encoded><![CDATA[<p>Attackers may attempt to stop or disable services on a compromised Linux system to impair security tools, disrupt operations, or facilitate further malicious activities. This can involve disabling security software, logging mechanisms, or other critical services that could hinder the attacker&rsquo;s objectives. This activity often forms part of a broader attack campaign aimed at maintaining persistence, evading detection, or causing system-wide disruption. The commands <code>systemctl</code>, <code>service</code>, and…</p>
]]></content:encoded><category domain="severity">medium</category><category domain="type">advisory</category><category>attack.defense-evasion</category><category>attack.t1562</category><category>attack.impact</category><category>attack.t1489</category></item><item><title>Adversaries Disabling Important Scheduled Tasks</title><link>https://feed.craftedsignal.io/briefs/2024-01-schtasks-disable/</link><pubDate>Wed, 03 Jan 2024 15:30:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-schtasks-disable/</guid><description>Adversaries disable crucial scheduled tasks, such as those related to BitLocker, Windows Defender, System Restore and Windows Update, using schtasks.exe to disrupt services and potentially facilitate data destruction or ransomware deployment.</description><content:encoded><![CDATA[<p>Attackers are increasingly targeting scheduled tasks to disable critical system functions. This tactic involves using <code>schtasks.exe</code> to disable essential tasks related to security, backup, and update mechanisms. By disabling tasks like Windows Defender scans, System Restore points, BitLocker encryption, and Windows Update, adversaries can significantly weaken a system&rsquo;s defenses, making it more vulnerable to data destruction or ransomware attacks. The observed behavior involves the execution of…</p>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>attack.impact</category><category>attack.t1489</category></item><item><title>Deletion of Critical Scheduled Tasks</title><link>https://feed.craftedsignal.io/briefs/2024-01-03-schtasks-deletion/</link><pubDate>Wed, 03 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-03-schtasks-deletion/</guid><description>Adversaries delete critical scheduled tasks, such as those related to BitLocker, ExploitGuard, System Restore, Windows Defender, and Windows Update, to disrupt security measures and enable data destruction.</description><content:encoded>&lt;p>Attackers may attempt to delete scheduled tasks to disable security mechanisms or prevent system recovery, creating an environment conducive to data destruction. This involves using the &lt;code>schtasks.exe&lt;/code> utility to remove scheduled tasks related to critical system functions. This activity is designed to impair incident response, prevent restoration of systems, and generally increase the impact of an attack. This is done by removing the scheduled tasks, which prevents the execution of security…&lt;/p>
</content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>attack.impact</category><category>attack.t1489</category></item></channel></rss>