T1078.003 Local Accounts Mappings

Adversaries may obtain and abuse credentials of a local account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Local accounts are those configured by an organization for use by users, remote support, services, or for administration on a single system or service.

Local Accounts may also be abused to elevate privileges and harvest credentials through OS Credential Dumping. Password reuse may allow the abuse of local accounts across a set of machines on a network for the purposes of Privilege Escalation and Lateral Movement.

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-2 Account Management Protects T1078.003 Local Accounts
AC-3 Access Enforcement Protects T1078.003 Local Accounts
AC-5 Separation of Duties Protects T1078.003 Local Accounts
AC-6 Least Privilege Protects T1078.003 Local Accounts
CA-7 Continuous Monitoring Protects T1078.003 Local Accounts
CM-5 Access Restrictions for Change Protects T1078.003 Local Accounts
CM-6 Configuration Settings Protects T1078.003 Local Accounts
IA-12 Identity Proofing Protects T1078.003 Local Accounts
IA-2 Identification and Authentication (organizational Users) Protects T1078.003 Local Accounts
SA-10 Developer Configuration Management Protects T1078.003 Local Accounts
SA-11 Developer Testing and Evaluation Protects T1078.003 Local Accounts
SA-15 Development Process, Standards, and Tools Protects T1078.003 Local Accounts
SA-16 Developer-provided Training Protects T1078.003 Local Accounts
SA-17 Developer Security and Privacy Architecture and Design Protects T1078.003 Local Accounts
SA-3 System Development Life Cycle Protects T1078.003 Local Accounts
SA-4 Acquisition Process Protects T1078.003 Local Accounts
SA-8 Security and Privacy Engineering Principles Protects T1078.003 Local Accounts
SC-28 Protection of Information at Rest Protects T1078.003 Local Accounts
SI-4 System Monitoring Protects T1078.003 Local Accounts
CVE-2011-3172 SUSE Linux Enterprise uncategorized T1078.003 Local Accounts
action.hacking.variety.Use of stolen creds Use of stolen authentication credentials (including credential stuffing) related-to T1078.003 Valid Accounts: Local Accounts