Misattributable credentials
The use of credentials by an adversary with the intent to hide their true identity and/or portray themselves as another person or entity. An adversary may use misattributable credentials in an attack to convince a victim that credentials are legitimate and trustworthy when this is not actually the case. [1]
Detection
Detectable by Common Defenses (Yes/No/Partial): Partial
Explanation: If a previous incident identified the credentials used by an adversary, defenders can potentially use these credentials to track the adversary through reuse of the same credentials.
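The reuse tracking described above, sketched as an added example that is not part of the original technique entry. The identifier kinds (e-mail, phone, certificate fingerprint), the record layout and every value are constructed assumptions; identifiers are normalized so cosmetic variations still match.

```python
import re
from collections import defaultdict

# Constructed identifiers attributed to a hypothetical earlier incident.
PRIOR_INCIDENT = {
    "email": ["J.Doe+hosting@Example.org"],
    "phone": ["+1 (555) 010-0199"],
    "cert_sha256": ["AB:CD:EF:01:23:45:67:89"],  # shortened placeholder, not a real hash
}

def normalize(kind, value):
    """Canonicalize an identifier so formatting differences do not hide reuse."""
    value = value.strip().lower()
    if kind == "email":
        local, _, domain = value.partition("@")
        return f"{local.split('+', 1)[0]}@{domain}"  # drop "+tag" sub-addressing
    if kind == "phone":
        return re.sub(r"\D", "", value)  # digits only; country code must be present on both sides
    if kind == "cert_sha256":
        return re.sub(r"[^0-9a-f]", "", value)  # strip colons and spaces
    return value

def build_index(indicators):
    """Flatten the indicator lists into a set of (kind, normalized value) pairs."""
    return {(k, normalize(k, v)) for k, vals in indicators.items() for v in vals}

def find_reuse(records, index):
    """Return {record id: [identifier kinds that match a known indicator]}."""
    hits = defaultdict(list)
    for rec in records:
        for kind in ("email", "phone", "cert_sha256"):
            val = rec.get(kind)
            if val and (kind, normalize(kind, val)) in index:
                hits[rec["id"]].append(kind)
    return dict(hits)

# Constructed new observations (for example, account sign-ups or certificates seen later).
NEW_RECORDS = [
    {"id": "acct-1001", "email": "j.doe+vps@example.org", "phone": "555-010-0142"},
    {"id": "acct-1002", "email": "alice@example.net", "phone": "1-555-010-0199"},
    {"id": "acct-1003", "email": "bob@example.com", "cert_sha256": "abcdef0123456789"},
    {"id": "acct-1004", "email": "carol@example.com", "phone": "555-010-0100"},
]

if __name__ == "__main__":
    for rec_id, kinds in find_reuse(NEW_RECORDS, build_index(PRIOR_INCIDENT)).items():
        print(rec_id, "reuses known", ", ".join(kinds))
```

A match shows only that an identifier recurred; because these credentials are misattributable by design, it links activity to the earlier incident rather than to a real person.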
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: An adversary can easily create and use misattributable credentials to obtain servers, build environments, AWS (https://aws.amazon.com) accounts, etc. Many service providers require some form of identifiable information such as a phone number or email address, but there are several avenues to acquire these consistent with the misattributable identity.
References
- Paul Mutton. (2014, February 12). Fake SSL certificates deployed across the internet. Retrieved March 1, 2017.