MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) is a knowledge base and framework for classifying and describing cyberattacks and intrusions in terms of observed adversary behaviour. It was created by the MITRE Corporation, beginning in 2013, and first published in 2015. The Enterprise matrix currently groups adversary behaviour into 14 tactics, each representing a "technical objective" that an adversary is trying to achieve.
ATT&CK is populated mainly from publicly available threat intelligence and incident reporting, supplemented by research into new techniques contributed by security analysts and threat hunters. Those same practitioners use it as a common vocabulary for how adversaries operate, so that adversarial behaviour can be recognised, detected and stopped.
Specific adversaries tend to favour specific techniques. ATT&CK records which adversary groups, which malicious software and which campaigns have been observed using which techniques, so security teams can understand the adversaries most likely to target them, evaluate their defenses against those adversaries' known behaviour, and strengthen security where it matters most.
Tactics are the technical objectives an adversary intends to achieve, such as lateral movement, defense evasion, or exfiltration; they answer the question of why an adversary performs a given action. The Enterprise matrix currently catalogs 14 tactics, ordered roughly in the sequence of an intrusion: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, and Impact.
A technique describes one specific way an adversary may try to achieve a tactical objective, and many techniques are broken down further into sub-techniques that describe more specific variants. Many techniques are documented under each tactic, because adversaries choose differently depending on factors such as their skill sets, the target's system configuration, and the availability of suitable tools. A single technique can also serve more than one tactic: for example, Scheduled Task/Job (T1053) is listed under Execution, Persistence and Privilege Escalation, since the same mechanism achieves all three objectives.
Each technique entry includes a description of the method, the platforms it applies to, the adversary groups and software known to use it (where that is known), mitigations that reduce its effectiveness, detection guidance with the relevant data sources, and references to its reported real-world use. Every technique has a stable identifier (for example T1059 for Command and Scripting Interpreter) that sub-techniques extend (T1059.001 for PowerShell), which makes the catalog easy to reference from detection rules, incident reports and tooling.
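The tactic, technique, group and mitigation relationships described in the three paragraphs above are what MITRE publishes machine-readably as a STIX bundle (the `enterprise-attack.json` file in the mitre-attack/attack-stix-data repository on GitHub). The following Python is an added example, not code from MITRE or from this page. It builds a constructed miniature bundle that uses the real field layout (`attack-pattern` objects with tactics in `kill_chain_phases`, ATT&CK IDs in `external_references`, `intrusion-set`, `course-of-action` and `relationship` objects) and then answers the practical questions a defender asks: which techniques does a group use, under which tactics do they fall, which mitigations apply, and where are our detection gaps. The technique, tactic and mitigation IDs are real ATT&CK identifiers; the STIX ids, the group "Example Group" (labelled G-SAMPLE, not a real ATT&CK group ID), its "uses" relationships and the abbreviated platform lists are assumptions made for the example.

```python
"""Walk a miniature ATT&CK-style STIX bundle: tactic -> technique -> group/mitigation.

All objects below are CONSTRUCTED sample data shaped like MITRE's published
enterprise-attack.json. Technique, tactic and mitigation IDs are real ATT&CK
identifiers; the STIX ids, the group "Example Group" (G-SAMPLE) and its "uses"
relationships are illustrative only, and platform lists are abbreviated.
"""
from collections import defaultdict


def obj(stix_id, ext_id, name, **fields):
    """Build a STIX object carrying an ATT&CK ID in external_references (constructed helper)."""
    refs = [{"source_name": "mitre-attack", "external_id": ext_id}]
    return {"id": stix_id, "name": name, "external_references": refs, **fields}


def technique(stix_id, ext_id, name, tactics, platforms):
    """An attack-pattern; its tactics live in kill_chain_phases, as in real ATT&CK data."""
    phases = [{"kill_chain_name": "mitre-attack", "phase_name": t} for t in tactics]
    return obj(stix_id, ext_id, name, type="attack-pattern",
               kill_chain_phases=phases, x_mitre_platforms=platforms)


def rel(kind, source_ref, target_ref):
    """A relationship object ('uses' or 'mitigates') between two STIX ids."""
    return {"type": "relationship", "relationship_type": kind,
            "source_ref": source_ref, "target_ref": target_ref}


ALL = ["Linux", "macOS", "Windows"]  # abbreviated platform list for the sample
BUNDLE = {"type": "bundle", "objects": [
    obj("x-mitre-tactic--01", "TA0001", "Initial Access", type="x-mitre-tactic", x_mitre_shortname="initial-access"),
    obj("x-mitre-tactic--02", "TA0002", "Execution", type="x-mitre-tactic", x_mitre_shortname="execution"),
    obj("x-mitre-tactic--05", "TA0005", "Defense Evasion", type="x-mitre-tactic", x_mitre_shortname="defense-evasion"),
    obj("x-mitre-tactic--08", "TA0008", "Lateral Movement", type="x-mitre-tactic", x_mitre_shortname="lateral-movement"),
    obj("x-mitre-tactic--10", "TA0010", "Exfiltration", type="x-mitre-tactic", x_mitre_shortname="exfiltration"),
    technique("attack-pattern--1566", "T1566", "Phishing", ["initial-access"], ALL),
    technique("attack-pattern--1059", "T1059", "Command and Scripting Interpreter", ["execution"], ALL),
    technique("attack-pattern--1070", "T1070", "Indicator Removal", ["defense-evasion"], ALL),
    technique("attack-pattern--1021", "T1021", "Remote Services", ["lateral-movement"], ALL),
    technique("attack-pattern--1041", "T1041", "Exfiltration Over C2 Channel", ["exfiltration"], ALL),
    obj("course-of-action--1038", "M1038", "Execution Prevention", type="course-of-action"),
    obj("course-of-action--1049", "M1049", "Antivirus/Antimalware", type="course-of-action"),
    # Constructed group; G-SAMPLE is a placeholder, not a real ATT&CK group ID.
    obj("intrusion-set--sample", "G-SAMPLE", "Example Group", type="intrusion-set"),
    rel("uses", "intrusion-set--sample", "attack-pattern--1566"),
    rel("uses", "intrusion-set--sample", "attack-pattern--1059"),
    rel("uses", "intrusion-set--sample", "attack-pattern--1070"),
    rel("uses", "intrusion-set--sample", "attack-pattern--1041"),
    rel("mitigates", "course-of-action--1038", "attack-pattern--1059"),
    rel("mitigates", "course-of-action--1049", "attack-pattern--1059"),
]}


def attack_id(o):
    """Return the ATT&CK ID (T1059, TA0002, M1038, ...) of a STIX object, or None."""
    for ref in o.get("external_references", []):
        if ref.get("source_name") == "mitre-attack":
            return ref.get("external_id")
    return None


def index(bundle):
    """Index bundle objects by STIX id and by ATT&CK id (relationships carry neither)."""
    by_stix = {o["id"]: o for o in bundle["objects"] if "id" in o}
    by_attack = {attack_id(o): o for o in by_stix.values() if attack_id(o)}
    return by_stix, by_attack


def relationships(bundle, kind, source_ref=None, target_ref=None):
    """Yield relationship objects of the given kind, optionally filtered by endpoint."""
    for o in bundle["objects"]:
        if o.get("type") != "relationship" or o["relationship_type"] != kind:
            continue
        if source_ref and o["source_ref"] != source_ref:
            continue
        if target_ref and o["target_ref"] != target_ref:
            continue
        yield o


def techniques_used_by(bundle, group_id):
    """Sorted technique IDs linked to a group by 'uses' relationships."""
    by_stix, by_attack = index(bundle)
    group = by_attack[group_id]
    return sorted(attack_id(by_stix[r["target_ref"]])
                  for r in relationships(bundle, "uses", source_ref=group["id"]))


def tactics_of(technique_obj):
    """Tactic shortnames a technique is filed under (one technique may serve several)."""
    return [p["phase_name"] for p in technique_obj.get("kill_chain_phases", [])
            if p["kill_chain_name"] == "mitre-attack"]


def mitigations_for(bundle, technique_id):
    """Sorted mitigation IDs linked to a technique by 'mitigates' relationships."""
    by_stix, by_attack = index(bundle)
    t = by_attack[technique_id]
    return sorted(attack_id(by_stix[r["source_ref"]])
                  for r in relationships(bundle, "mitigates", target_ref=t["id"]))


def coverage_gaps(bundle, group_id, detected):
    """Techniques the group uses that have no detection, grouped by tactic.

    `detected` is the set of technique IDs the defender already has detections for."""
    _, by_attack = index(bundle)
    gaps = defaultdict(list)
    for tid in techniques_used_by(bundle, group_id):
        if tid in detected:
            continue
        for tactic in tactics_of(by_attack[tid]):
            gaps[tactic].append(tid)
    return dict(gaps)


if __name__ == "__main__":
    _, by_attack = index(BUNDLE)
    for tid in techniques_used_by(BUNDLE, "G-SAMPLE"):
        print(tid, tactics_of(by_attack[tid]), mitigations_for(BUNDLE, tid))
    print(coverage_gaps(BUNDLE, "G-SAMPLE", detected={"T1059", "T1566"}))
```

Because the field names are the real ones, the same functions work on the published bundle once it is loaded with `json.load`, with two caveats a practitioner should add: skip objects that carry `revoked: true` or `x_mitre_deprecated: true` (ATT&CK retires techniques rather than deleting them), and resolve a real group by its `G`-prefixed ATT&CK ID rather than the placeholder used here.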