View on MITRE ATT&CK

T1078.002 - Domain Accounts

Sub-technique
Tattiche:
Persistence Privilege Escalation Defense Evasion Initial Access
Piattaforme:
ESXi Linux macOS Windows
Rilevamento:
Not specified
Description:
Adversaries may obtain and abuse credentials of a domain account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion.(Citation: TechNet Credential Theft) Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover users, administrators, and services.(Citation: Microsoft AD Accounts)

Adversaries may compromise domain accounts, some with a high level of privileges, through various means such as [OS Credential Dumping](https://attack.mitre.org/techniques/T1003) or password reuse, allowing access to privileged resources of the domain.
Usato da Attori (18)
APT3
Nation-state
Naikon
Nation-state
OilRig
Nation-state
APT5
Unknown
INDRIK SPIDER
Unknown
TA505
Unknown
WIZARD SPIDER
Nation-state
ToddyCat
Unknown
Volt Typhoon
Unknown
Aquatic Panda
Unknown
Play
Unknown
Sandworm Team
Unknown
Cinnamon Tempest
Unknown
Magic Hound
Unknown
Chimera
Unknown
Threat Group-1314
Unknown
BlackByte
Unknown
Agrius
Unknown
Malware (5)
Stuxnet other Shamoon other Ryuk other Cobalt Strike other CreepySnail other
Metadata
MITRE ID: T1078.002
STIX ID: attack-pattern--c3d4bdd9-2cfe-...
Piattaforme: ESXi, Linux, macOS, Windows
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00