1. Home
  2. ATT&CK Techniques
  3. T1565
Impact

T1565: Data Manipulation

Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data.(Citation: Sygnia Elephant Beetle Jan 2022) By m...

T1565 · Technique ·3 platforms ·1 groups

Description

Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data.(Citation: Sygnia Elephant Beetle Jan 2022) By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.

The type of modification and the impact it will have depends on the target application and process as well as the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system that would typically be gained through a prolonged information gathering campaign in order to have the desired impact.

Platforms

LinuxmacOSWindows

Sub-Techniques (3)

T1565.001

Stored Data Manipulation

 T1565.002

Transmitted Data Manipulation

 T1565.003

Runtime Data Manipulation

Mitigations (4)

Encrypt Sensitive InformationM1041

Consider encrypting important information to reduce an adversary’s ability to perform tailored data modifications.

Remote Data StorageM1029

Consider implementing IT disaster recovery plans that contain procedures for taking regular data backups that can be used to restore organizational data.(Citation: Ready.gov IT DRP) Ensure backups are stored off system and is protected from common methods adversaries may use to gain access and manipulate backups.

Network SegmentationM1030

Identify critical business and system processes that may be targeted by adversaries and work to isolate and secure those systems against unauthorized access and tampering.

Restrict File and Directory PermissionsM1022

Ensure least privilege principles are applied to important information resources to reduce exposure to data manipulation risk.

Threat Groups (1)

IDGroupContext
G1016FIN13[FIN13](https://attack.mitre.org/groups/G1016) has injected fraudulent transactions into compromised networks that mimic legitimate behavior to siphon...

Associated Software (1)

IDNameTypeContext
S9014PHASEJAMMalware[PHASEJAM](https://attack.mitre.org/software/S9014) has blocked legitimate upgrades of Ivanti Connect Secure systems and falsely indicates a successfu...

References

Frequently Asked Questions

What is T1565 (Data Manipulation)?

T1565 is a MITRE ATT&CK technique named 'Data Manipulation'. It belongs to the Impact tactic(s). Adversaries may insert, delete, or manipulate data in order to influence external outcomes or hide activity, thus threatening the integrity of the data.(Citation: Sygnia Elephant Beetle Jan 2022) By m...

How can T1565 be detected?

Detection of T1565 (Data Manipulation) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.

What mitigations exist for T1565?

There are 4 documented mitigations for T1565. Key mitigations include: Encrypt Sensitive Information, Remote Data Storage, Network Segmentation, Restrict File and Directory Permissions.

Which threat groups use T1565?

Known threat groups using T1565 include: FIN13.