T1133 External Remote Services Mappings

Adversaries may leverage external-facing remote services to initially access and/or persist within a network. Remote services such as VPNs, Citrix, and other access mechanisms allow users to connect to internal enterprise network resources from external locations. There are often remote service gateways that manage connections and credential authentication for these services. Services such as Windows Remote Management can also be used externally.

Using the service often requires access to Valid Accounts, which could be obtained through credential pharming or by obtaining the credentials from users after compromising the enterprise network (Citation: Volexity Virtual Private Keylogging). Access to remote services may be used as a redundant or persistent access mechanism during an operation.


Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-17 | Remote Access | Protects | T1133 | External Remote Services |
| AC-20 | Use of External Systems | Protects | T1133 | External Remote Services |
| AC-23 | Data Mining Protection | Protects | T1133 | External Remote Services |
| AC-3 | Access Enforcement | Protects | T1133 | External Remote Services |
| AC-4 | Information Flow Enforcement | Protects | T1133 | External Remote Services |
| AC-6 | Least Privilege | Protects | T1133 | External Remote Services |
| AC-7 | Unsuccessful Logon Attempts | Protects | T1133 | External Remote Services |
| CM-2 | Baseline Configuration | Protects | T1133 | External Remote Services |
| CM-6 | Configuration Settings | Protects | T1133 | External Remote Services |
| CM-7 | Least Functionality | Protects | T1133 | External Remote Services |
| CM-8 | System Component Inventory | Protects | T1133 | External Remote Services |
| IA-2 | Identification and Authentication (Organizational Users) | Protects | T1133 | External Remote Services |
| IA-5 | Authenticator Management | Protects | T1133 | External Remote Services |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1133 | External Remote Services |
| SC-46 | Cross Domain Policy Enforcement | Protects | T1133 | External Remote Services |
| SC-7 | Boundary Protection | Protects | T1133 | External Remote Services |
| SI-4 | System Monitoring | Protects | T1133 | External Remote Services |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1133 | External Remote Services |
| azure_security_center_recommendations | Azure Security Center Recommendations | technique_scores | T1133 | External Remote Services |
| network_security_groups | Network Security Groups | technique_scores | T1133 | External Remote Services |
| microsoft_defender_for_identity | Microsoft Defender for Identity | technique_scores | T1133 | External Remote Services |
| azure_policy | Azure Policy | technique_scores | T1133 | External Remote Services |
| azure_alerts_for_network_layer | Azure Alerts for Network Layer | technique_scores | T1133 | External Remote Services |
| cloud_app_security_policies | Cloud App Security Policies | technique_scores | T1133 | External Remote Services |
| cloud_app_security_policies | Cloud App Security Policies | technique_scores | T1133 | External Remote Services |
| azure_ad_identity_secure_score | Azure AD Identity Secure Score | technique_scores | T1133 | External Remote Services |
| just-in-time_vm_access | Just-in-Time VM Access | technique_scores | T1133 | External Remote Services |
| azure_firewall | Azure Firewall | technique_scores | T1133 | External Remote Services |
| azure_network_traffic_analytics | Azure Network Traffic Analytics | technique_scores | T1133 | External Remote Services |