T1069 - Permission Groups Discovery
Tactics:
Discovery
Discovery
Platforms:
Containers IaaS Identity Provider Linux +4
Containers IaaS Identity Provider Linux +4
Detection:
Not specified
Not specified
Description:
Adversaries may attempt to discover group and permission settings. This information can help adversaries determine which user accounts and groups are available, the membership of users in particular groups, and which users and groups have elevated permissions.
Adversaries may attempt to discover group permission settings in many different ways. This data may provide the adversary with information about the compromised environment that can be used in follow-on activity and targeting.(Citation: CrowdStrike BloodHound April 2018)
Adversaries may attempt to discover group permission settings in many different ways. This data may provide the adversary with information about the compromised environment that can be used in follow-on activity and targeting.(Citation: CrowdStrike BloodHound April 2018)
Used by Actors (6)
Malware (6)
Metadata
| MITRE ID: | T1069 |
| STIX ID: | attack-pattern--15dbf668-795c-... |
| Platforms: | Containers, IaaS, Identity Provider, Linux, macOS, Office Suite, SaaS, Windows |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |