ATT&CK v18: The Detection Overhaul You’ve Been Waiting For

There is a new update to MITRE ATT&CK®. Medium did a write-up on what has changed, found HERE. Here is the first part of that post, summarizing the changes.

We’ve spent the last six months focused on making ATT&CK more usable and actionable for defenders, and with the help of the community the results are here!

First, we’re excited for you to finally experience the detection overhaul with two new ATT&CK objects, Detection Strategies and Analytics, that shift guidance from single-sentence notes to structured, behavior-focused strategies. Workbench now supports Detection Strategies, so upgrade your instance to take full advantage of the defensive updates.

Across domains, we’ve deepened coverage of threats organizations are facing today. Enterprise adds techniques for modern infrastructure, Kubernetes, CI/CD pipelines, and cloud databases, along with ransomware preparation behaviors and adversaries monitoring their own threat intel. CTI features new groups, campaigns, and software tied to cascading supply chain compromises, cloud identity abuse, and attacks on edge and virtualization systems, and includes expanded content on the Democratic People’s Republic of Korea (DPRK) and People’s Republic of China (PRC) operations.

On the Mobile front, there’s coverage of state-sponsored abuse of Signal/WhatsApp linked devices and enhanced account collection techniques. And in ICS, new and updated Asset objects expand the range of industrial equipment and attack scenarios ATT&CK can represent, including improved connections across sector-specific terminology through Related Assets.

Looking into the future, we’re launching the ATT&CK Advisory Council to formalize community input on the framework’s direction and yes, we’re already working on v19.

For all the details on our updates/additions across Techniques, Software, Groups and Campaigns, take a look at our release notes, our detailed changelog, or our changelog.json.

See the full post to get the details of the changes.
