1. Home
  2. ATT&CK Techniques
  3. T1588
  4. T1588.006
Resource Development

T1588.006: Vulnerabilities

Adversaries may acquire information about vulnerabilities that can be used during targeting. A vulnerability is a weakness in computer hardware or software that can, potentially, be exploited by an ad...

T1588.006 · Sub-technique ·1 platforms ·3 groups

Description

Adversaries may acquire information about vulnerabilities that can be used during targeting. A vulnerability is a weakness in computer hardware or software that can, potentially, be exploited by an adversary to cause unintended or unanticipated behavior to occur. Adversaries may find vulnerability information by searching open databases or gaining access to closed vulnerability databases.(Citation: National Vulnerability Database)

An adversary may monitor vulnerability disclosures/databases to understand the state of existing, as well as newly discovered, vulnerabilities. There is usually a delay between when a vulnerability is discovered and when it is made public. An adversary may target the systems of those known to conduct vulnerability research (including commercial vendors). Knowledge of a vulnerability may cause an adversary to search for an existing exploit (i.e. Exploits) or to attempt to develop one themselves (i.e. Exploits).

Platforms

PRE

Mitigations (1)

Pre-compromiseM1056

This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls.

Threat Groups (3)

IDGroupContext
G0034Sandworm TeamIn 2017, [Sandworm Team](https://attack.mitre.org/groups/G0034) conducted technical research related to vulnerabilities associated with websites used ...
G1017Volt Typhoon[Volt Typhoon](https://attack.mitre.org/groups/G1017) has used publicly available exploit code for initial access.(Citation: CISA AA24-038A PRC Critic...
G1053Storm-0501[Storm-0501](https://attack.mitre.org/groups/G1053) has obtained capabilities to exploit N-day vulnerabilities associated with public facing services ...

References

Frequently Asked Questions

What is T1588.006 (Vulnerabilities)?

T1588.006 is a MITRE ATT&CK technique named 'Vulnerabilities'. It belongs to the Resource Development tactic(s). Adversaries may acquire information about vulnerabilities that can be used during targeting. A vulnerability is a weakness in computer hardware or software that can, potentially, be exploited by an ad...

How can T1588.006 be detected?

Detection of T1588.006 (Vulnerabilities) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.

What mitigations exist for T1588.006?

There are 1 documented mitigations for T1588.006. Key mitigations include: Pre-compromise.

Which threat groups use T1588.006?

Known threat groups using T1588.006 include: Sandworm Team, Volt Typhoon, Storm-0501.