1. Home
  2. Techniques
  3. Resource Hijacking

Resource Hijacking

Sub-techniques (8)
ID Name
T1496.004 Cloud Service Hijacking
T1496.A007 Cloud Service Hijacking - Bedrock LLM Abuse
T1496.A001 Cloud Service Hijacking - SES Messaging
T1496.001 Compute Hijacking
T1496.A008 Compute Hijacking - EC2 Use
T1496.A006 Compute Hijacking - ECS
T1496.A009 Compute Hijacking - WorkSpaces
T1496.003 SMS Pumping

MITRE ATT&CK Content


Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.

Resource hijacking may take a number of different forms. For example, adversaries may:

* Leverage compute resources in order to mine cryptocurrency * Sell network bandwidth to proxy networks * Generate SMS traffic for profit * Abuse cloud-based messaging services to send large quantities of spam messages

In some cases, adversaries may leverage multiple types of Resource Hijacking at once.

References

  1. mitre-attack
  2. Kaspersky Lazarus Under The Hood Blog 2017
  3. CloudSploit - Unused AWS Regions
  4. Unit 42 Hildegard Malware
  5. Trend Micro Exposed Docker APIs
  6. Trend Micro War of Crypto Miners

Technique Information

ID: T1496
Aliases: T1496
Sub-techniques:
Tactics:
  • Impact
Platforms:
  • Windows
  • IaaS
  • Linux
  • macOS
  • Containers
  • Amazon Web Services (AWS)
Created: 17 Apr 2019
Last Modified: 03 Jun 2025