- Tactics
- Impact
- Platforms
- Windows, IaaS, Linux, macOS, Containers, SaaS
- Reference
- attack.mitre.org/techniques/T1496
Description
Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.
Resource hijacking may take a number of different forms. For example, adversaries may:
- Leverage compute resources in order to mine cryptocurrency
- Sell network bandwidth to proxy networks
- Generate SMS traffic for profit
- Abuse cloud-based messaging services to send large quantities of spam messages
In some cases, adversaries may leverage multiple types of Resource Hijacking at once.(Citation: Sysdig Cryptojacking Proxyjacking 2023)
Sub-techniques
How GTK Cyber trains on this
GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Impact tactic this technique falls under. Practitioner-led, focused on real detections, not memorizing technique IDs.
Related techniques
- T1485 — Data Destruction
- T1486 — Data Encrypted for Impact
- T1489 — Service Stop
- T1490 — Inhibit System Recovery
- T1491 — Defacement
- T1495 — Firmware Corruption
- T1498 — Network Denial of Service
- T1499 — Endpoint Denial of Service
- T1529 — System Shutdown/Reboot
- T1531 — Account Access Removal
- T1561 — Disk Wipe
- T1565 — Data Manipulation