1. Home
  2. Techniques
  3. Resource Hijacking

Resource Hijacking

Sub-techniques (7)
ID Name
T1496.004 Cloud Service Hijacking
T1496.A007 Cloud Service Hijacking - Bedrock LLM Abuse
T1496.A001 Cloud Service Hijacking - SES Messaging
T1496.001 Compute Hijacking
T1496.A008 Compute Hijacking - EC2 Use
T1496.A006 Compute Hijacking - ECS
T1496.003 SMS Pumping

Adversaries may leverage the resources of co-opted systems in order to solve resource intensive problems which may impact system and/or hosted service availability.

One common purpose for Resource Hijacking is to validate transactions of cryptocurrency networks and earn virtual currency. Adversaries may consume enough system resources to negatively impact and/or cause affected machines to become unresponsive. Servers and cloud-based systems are common targets because of the high potential for available resources, but user endpoint systems may also be compromised and used for Resource Hijacking and cryptocurrency mining. Containerized environments may also be targeted due to the ease of deployment via exposed APIs and the potential for scaling mining activities by deploying or compromising multiple containers within an environment or cluster.

Additionally, some cryptocurrency mining malware kills off processes for competing malware to ensure its not competing for resources.

References

  1. mitre-attack
  2. Kaspersky Lazarus Under The Hood Blog 2017
  3. CloudSploit - Unused AWS Regions
  4. Unit 42 Hildegard Malware
  5. Trend Micro Exposed Docker APIs
  6. Trend Micro War of Crypto Miners

Technique Information

ID: T1496
Aliases: T1496
Sub-techniques:
Tactics:
  • Impact
Platforms:
  • Windows
  • IaaS
  • Linux
  • macOS
  • Containers
  • Amazon Web Services (AWS)
Created: 17 Apr 2019
Last Modified: 03 Jun 2025