Data Manipulation

Adversaries may insert, delete, or alter data in order to manipulate external outcomes or hide activity. By manipulating data, adversaries may attempt to affect a business process, organizational understanding, or decision making.

The type of modification and the impact it will have depends on the target application, process, and the goals and objectives of the adversary. For complex systems, an adversary would likely need special expertise and possibly access to specialized software related to the system, typically gained through a prolonged information gathering campaign, in order to have the desired impact.

ID: T1641
Sub-techniques:  T1641.001
Tactic Type: Post-Adversary Device Access
Tactic: Impact
Platforms: Android
Version: 1.0
Created: 06 April 2022
Last Modified: 06 April 2022


ID Mitigation Description
M1006 Use Recent OS Version

Recent OS versions have limited access to certain APIs unless certain conditions are met, making Data Manipulation more difficult


Application vetting services could look for use of standard APIs (e.g. the clipboard API) that could indicate data manipulation is occurring.