Group: Threat Group-1314, TG-1314

From enterprise
Jump to: navigation, search
Threat Group-1314, TG-1314
Group
ID G0028
Aliases Threat Group-1314, TG-1314

Threat Group-1314 is an unattributed threat group that has used compromised credentials to log into a victim's remote access infrastructure.1

Techniques Used

  • Third-party Software - Threat Group-1314 actors used a victim's endpoint management platform, Altiris, for lateral movement.1
  • Valid Accounts - Threat Group-1314 actors used compromised credentials for the victim's endpoint management platform, Altiris, to move laterally.1
  • Command-Line Interface - Threat Group-1314 actors spawned shells on remote systems on a victim network to execute commands.1

Software