Currently viewing ATT&CK v10.1 which was live between October 21, 2021 and April 24, 2022. Learn more about the versioning system or see the live site.
  1. Home
  2. Techniques
  3. Mobile
  4. Exploit Enterprise Resources

Exploit Enterprise Resources

Adversaries may attempt to exploit enterprise servers, workstations, or other resources over the network. This technique may take advantage of the mobile device's access to an internal enterprise network either through local connectivity or through a Virtual Private Network (VPN).

ID: T1428
Sub-techniques:  No sub-techniques
Tactic Type: Post-Adversary Device Access
Tactic: Lateral Movement
Platforms: Android, iOS
MTC ID: APP-32
Version: 1.0
Created: 25 October 2017
Last Modified: 17 October 2018

Procedure Examples

ID Name Description
S0300 DressCode

DressCode sets up a "general purpose tunnel" that can be used by an adversary to compromise enterprise networks that the mobile device is connected to.[1]
S0299 NotCompatible

NotCompatible has the capability to exploit systems on an enterprise network.[2]

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

References

  1. Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. Retrieved December 22, 2016.
  1. Tim Strazzere. (2014, November 19). The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. Retrieved December 22, 2016.