T1199 Trusted Relationship Mappings

Adversaries may breach or otherwise leverage organizations who have access to intended victims. Access through trusted third party relationship exploits an existing connection that may not be protected or receives less scrutiny than standard mechanisms of gaining access to a network.

Organizations often grant elevated access to second or third-party external providers in order to allow them to manage internal systems as well as cloud-based environments. Some examples of these relationships include IT services contractors, managed security providers, infrastructure contractors (e.g. HVAC, elevators, physical security). The third-party provider's access may be intended to be limited to the infrastructure being maintained, but may exist on the same network as the rest of the enterprise. As such, Valid Accounts used by the other party for access to internal network systems may be compromised and used.(Citation: CISA IT Service Providers)

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-3 Access Enforcement Protects T1199 Trusted Relationship
AC-4 Information Flow Enforcement Protects T1199 Trusted Relationship
AC-6 Least Privilege Protects T1199 Trusted Relationship
AC-8 System Use Notification Protects T1199 Trusted Relationship
CM-6 Configuration Settings Protects T1199 Trusted Relationship
CM-7 Least Functionality Protects T1199 Trusted Relationship
SC-46 Cross Domain Policy Enforcement Protects T1199 Trusted Relationship
SC-7 Boundary Protection Protects T1199 Trusted Relationship
action.hacking.vector.Partner Partner connection or credential related-to T1199 Trusted Relationship
action.malware.variety.Adware Adware related-to T1199 Trusted Relationship
amazon_virtual_private_cloud Amazon Virtual Private Cloud technique_scores T1199 Trusted Relationship