- Tactics
- Impact
- Platforms
- ESXi, Linux, macOS, Windows
- Reference
- attack.mitre.org/techniques/T1491.001
Description
An adversary may deface systems internal to an organization in an attempt to intimidate or mislead users, thus discrediting the integrity of the systems. This may take the form of modifications to internal websites or server login messages, or directly to user systems with the replacement of the desktop wallpaper.(Citation: Novetta Blockbuster)(Citation: Varonis) Disturbing or offensive images may be used as a part of Internal Defacement in order to cause user discomfort, or to pressure compliance with accompanying messages. Since internally defacing systems exposes an adversary’s presence, it often takes place after other intrusion goals have been accomplished.(Citation: Novetta Blockbuster Destructive Malware)
How GTK Cyber trains on this
GTK Cyber's hands-on training programs cover detection engineering across the MITRE ATT&CK framework, including the Impact tactic this technique falls under. Our practitioner-led courses focus on building real detections, not just memorizing technique IDs.
Related techniques
- T1485 — Data Destruction
- T1486 — Data Encrypted for Impact
- T1489 — Service Stop
- T1490 — Inhibit System Recovery
- T1491 — Defacement
- T1495 — Firmware Corruption
- T1496 — Resource Hijacking
- T1498 — Network Denial of Service
- T1499 — Endpoint Denial of Service
- T1529 — System Shutdown/Reboot
- T1531 — Account Access Removal
- T1561 — Disk Wipe