T1021.001 - Remote Desktop Protocol
Sub-technique
Tactics:
Lateral Movement
Platforms:
Windows
Detection:
Not specified
Description:
Adversaries may use [Valid Accounts](https://attack.mitre.org/techniques/T1078) to log into a computer using the Remote Desktop Protocol (RDP). The adversary may then perform actions as the logged-on user.
Remote desktop is a common feature in operating systems. It allows a user to log into an interactive session with a system desktop graphical user interface on a remote system. Microsoft refers to its implementation of the Remote Desktop Protocol (RDP) as Remote Desktop Services (RDS).(Citation: TechNet Remote Desktop Services)
Adversaries may connect to a remote system over RDP/RDS to expand access if the service is enabled and allows access to accounts with known credentials. Adversaries will likely use Credential Access techniques to acquire credentials to use with RDP. Adversaries may also use RDP in conjunction with the [Accessibility Features](https://attack.mitre.org/techniques/T1546/008) or [Terminal Services DLL](https://attack.mitre.org/techniques/T1505/005) for Persistence.(Citation: Alperovitch Malware)
Used by Actors (20)
| APT1 | Nation-state |
| APT3 | Nation-state |
| FIN7 | Criminal |
| Lazarus Group | Nation-state |
| FIN6 | Unknown |
| OilRig | Nation-state |
| FIN8 | Unknown |
| APT5 | Unknown |
| Kimsuky | Nation-state |
| INDRIK SPIDER | Unknown |
| WIZARD SPIDER | Nation-state |
| APT39 | Unknown |
| FIN10 | Unknown |
| APT41 | Nation-state |
| Fox Kitten | Unknown |
| FIN13 | Unknown |
| Volt Typhoon | Unknown |
| Scattered Spider | Unknown |
| Medusa Group | Unknown |
| Dragonfly | Unknown |
Malware (17)
Metadata
| MITRE ID: | T1021.001 |
| STIX ID: | attack-pattern--eb062747-2193-... |
| Platforms: | Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |