T1491 Defacement Mappings

Adversaries may modify visual content available internally or externally to an enterprise network. Reasons for Defacement include delivering messaging, intimidation, or claiming (possibly false) credit for an intrusion. Disturbing or offensive images may be used as a part of Defacement in order to cause user discomfort, or to pressure compliance with accompanying messages.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-3 Access Enforcement Protects T1491 Defacement
AC-6 Least Privilege Protects T1491 Defacement
CM-2 Baseline Configuration Protects T1491 Defacement
CP-10 System Recovery and Reconstitution Protects T1491 Defacement
CP-2 Contingency Plan Protects T1491 Defacement
CP-7 Alternate Processing Site Protects T1491 Defacement
CP-9 System Backup Protects T1491 Defacement
SI-3 Malicious Code Protection Protects T1491 Defacement
SI-4 System Monitoring Protects T1491 Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1491 Defacement

ATT&CK Subtechniques

Technique ID Technique Name Number of Mappings
T1491.002 External Defacement 10
T1491.001 Internal Defacement 10