Resource Hijacking: Compute Hijacking

Other sub-techniques of Resource Hijacking (7)

ID	Name
T1496.004	Cloud Service Hijacking
T1496.A007	Cloud Service Hijacking - Bedrock LLM Abuse
T1496.A001	Cloud Service Hijacking - SES Messaging
T1496.001	Compute Hijacking
T1496.A008	Compute Hijacking - EC2 Use
T1496.A006	Compute Hijacking - ECS
T1496.003	SMS Pumping

Unreleased. TBD

Detection

ID	Data Source	Data Component	Description
DS0029	Network Traffic	Network Connection Creation	Monitor for newly constructed network connections that are sent or received by untrusted hosts. Look for connections to/from strange ports, as well as reputation of IPs and URLs related to cryptocurrency hosts. In AWS environments, configure GuardDuty to alert when EC2 instances query IP addresses associated with known cryptocurrency activity.

References

mitre-attack

Technique Information

ID: T1496.001

Aliases: T1496.001

Sub-technique of: T1496

Tactics:

Impact

Platforms:

IaaS
Amazon Web Services (AWS)

Created: 11 Oct 2024

Last Modified: 04 Jun 2025