Description
Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.
Resource hijacking may take a number of different forms. For example, adversaries may:
- Leverage compute resources in order to mine cryptocurrency
- Sell network bandwidth to proxy networks
- Generate SMS traffic for profit
- Abuse cloud-based messaging services to send large quantities of spam messages
In some cases, adversaries may leverage multiple types of Resource Hijacking at once. (Citation: Sysdig Cryptojacking Proxyjacking 2023)
Sub-Techniques (4)
Compute Hijacking
T1496.002 Bandwidth Hijacking
T1496.003 SMS Pumping
T1496.004 Cloud Service Hijacking
Frequently Asked Questions
What is T1496 (Resource Hijacking)?
T1496 is a MITRE ATT&CK technique named 'Resource Hijacking'. It belongs to the Impact tactic. Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. Resource hijacking may take a number of d...
How can T1496 be detected?
Detection of T1496 (Resource Hijacking) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.
What mitigations exist for T1496?
Follow defense-in-depth principles including network segmentation, least privilege access, security monitoring, and regular patching to reduce the risk of this technique.
Which threat groups use T1496?
While specific threat group attribution may vary, this technique has been observed in various real-world attacks. Check the MITRE ATT&CK website for the latest threat intelligence.