ATT&CK v9 Introduces Containers, Google Workspace

MITRE announced last week that the latest update to the popular ATT&CK framework introduces techniques related to containers and the Google Workspace platform.

ATT&CK is a knowledge base of adversary tactics and techniques that is based on real-world observations. ATT&CK v9 adds container-related attack techniques, the result of a project conducted by MITRE’s Center for Threat-Informed Defense and sponsored by Microsoft, Citigroup and JPMorgan Chase.


There has been debate over whether container techniques should be added, considering that in the vast majority of cases they lead to cryptomining. However, containers have also been used by malicious actors for other purposes, including data harvesting and exfiltration. It has been determined that these incidents are “publicly under reported,” which is why developers of the ATT&CK framework have decided to include container-related techniques.

As for the addition of Google Workspace, MITRE explained, “Since ATT&CK already covers Office 365, we wanted to ensure that users of Google’s productivity tools were also able to map similar applicable adversary behaviors to ATT&CK.”

Another significant change in ATT&CK v9 is related to cloud platforms — AWS, Azure and Google Cloud Platform have been consolidated into a single infrastructure-as-a-service (IaaS) platform.

The latest version also includes some updates to macOS techniques and some changes in how data sources are described.

ATT&CK v9 covers 14 tactics, 185 techniques, and 367 sub-techniques, as well as 16 new threat groups and 67 new pieces of software. All new elements and updates are detailed on MITRE’s website. The next major update for the framework is scheduled for October.

Last year, MITRE announced the release of an ATT&CK knowledge base for industrial control systems (ICS), and introduced a knowledge base of techniques and tactics that defenders can use to secure their networks and assets.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
