Threat Group-1314
Threat Group-1314 is an unattributed threat group that has used compromised credentials to log into a victim's remote access infrastructure.[1]
ID: G0028
ⓘ
Associated Groups: TG-1314
Version: 1.1
Created: 31 May 2017
Last Modified: 25 April 2025
Associated Group Descriptions
| Name | Description |
|---|---|
| TG-1314 |
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1059 | .003 | Command and Scripting Interpreter:Windows Command Shell | Threat Group-1314 actors spawned shells on remote systems on a victim network to execute commands.[1] |
| Enterprise | T1021 | .002 | Remote Services:SMB/Windows Admin Shares | Threat Group-1314 actors mapped network drives using |
| Enterprise | T1072 | Software Deployment Tools | Threat Group-1314 actors used a victim's endpoint management platform, Altiris, for lateral movement.[1] | |
| Enterprise | T1078 | .002 | Valid Accounts:Domain Accounts | Threat Group-1314 actors used compromised domain credentials for the victim's endpoint management platform, Altiris, to move laterally.[1] |
Software
References
×