T1491.002 External Defacement Mappings

An adversary may deface systems external to an organization in an attempt to deliver messaging, intimidate, or otherwise mislead an organization or users. External Defacement may ultimately cause users to distrust the systems and to question/discredit the system’s integrity. Externally-facing websites are a common victim of defacement; often targeted by adversary and hacktivist groups in order to push a political message or spread propaganda.(Citation: FireEye Cyber Threats to Media Industries)(Citation: Kevin Mandia Statement to US Senate Committee on Intelligence)(Citation: Anonymous Hackers Deface Russian Govt Site) External Defacement may be used as a catalyst to trigger events, or as a response to actions taken by an organization or government. Similarly, website defacement may also be used as setup, or a precursor, for future attacks such as Drive-by Compromise.(Citation: Trend Micro Deep Dive Into Defacement)

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-03 Access Enforcement Protects T1491.002 External Defacement
AC-06 Least Privilege Protects T1491.002 External Defacement
CM-02 Baseline Configuration Protects T1491.002 External Defacement
CP-10 System Recovery and Reconstitution Protects T1491.002 External Defacement
CP-02 Contingency Plan Protects T1491.002 External Defacement
CP-07 Alternate Processing Site Protects T1491.002 External Defacement
CP-09 System Backup Protects T1491.002 External Defacement
SI-03 Malicious Code Protection Protects T1491.002 External Defacement
SI-04 System Monitoring Protects T1491.002 External Defacement
SI-07 Software, Firmware, and Information Integrity Protects T1491.002 External Defacement