T1491.001 Internal Defacement Mappings

An adversary may deface systems internal to an organization in an attempt to intimidate or mislead users. This may take the form of modifications to internal websites, or directly to user systems with the replacement of the desktop wallpaper.(Citation: Novetta Blockbuster) Disturbing or offensive images may be used as a part of Internal Defacement in order to cause user discomfort, or to pressure compliance with accompanying messages. Since internally defacing systems exposes an adversary's presence, it often takes place after other intrusion goals have been accomplished.(Citation: Novetta Blockbuster Destructive Malware)

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-3 Access Enforcement Protects T1491.001 Internal Defacement
AC-6 Least Privilege Protects T1491.001 Internal Defacement
CM-2 Baseline Configuration Protects T1491.001 Internal Defacement
CP-10 System Recovery and Reconstitution Protects T1491.001 Internal Defacement
CP-2 Contingency Plan Protects T1491.001 Internal Defacement
CP-7 Alternate Processing Site Protects T1491.001 Internal Defacement
CP-9 System Backup Protects T1491.001 Internal Defacement
SI-3 Malicious Code Protection Protects T1491.001 Internal Defacement
SI-4 System Monitoring Protects T1491.001 Internal Defacement
SI-7 Software, Firmware, and Information Integrity Protects T1491.001 Internal Defacement
azure_backup Azure Backup technique_scores T1491.001 Internal Defacement