T1491.002 External Defacement Mappings

An adversary may deface systems external to an organization in an attempt to deliver messaging, intimidate, or otherwise mislead an organization or users. Externally facing websites are a common victim of defacement and are often targeted by adversary and hacktivist groups in order to push a political message or spread propaganda.(Citation: FireEye Cyber Threats to Media Industries)(Citation: Kevin Mandia Statement to US Senate Committee on Intelligence)(Citation: Anonymous Hackers Deface Russian Govt Site) External Defacement may be used as a catalyst to trigger events, or as a response to actions taken by an organization or government. Similarly, website defacement may also be used as setup, or a precursor, for future attacks such as Drive-by Compromise.(Citation: Trend Micro Deep Dive Into Defacement)

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| AC-3 | Access Enforcement | Protects | T1491.002 | External Defacement |
| AC-6 | Least Privilege | Protects | T1491.002 | External Defacement |
| CM-2 | Baseline Configuration | Protects | T1491.002 | External Defacement |
| CP-10 | System Recovery and Reconstitution | Protects | T1491.002 | External Defacement |
| CP-2 | Contingency Plan | Protects | T1491.002 | External Defacement |
| CP-7 | Alternate Processing Site | Protects | T1491.002 | External Defacement |
| CP-9 | System Backup | Protects | T1491.002 | External Defacement |
| SI-3 | Malicious Code Protection | Protects | T1491.002 | External Defacement |
| SI-4 | System Monitoring | Protects | T1491.002 | External Defacement |
| SI-7 | Software, Firmware, and Information Integrity | Protects | T1491.002 | External Defacement |
| azure_backup | Azure Backup | technique_scores | T1491.002 | External Defacement |