Connect with us

Hi, what are you looking for?


Incident Response

MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile 

MITRE announces the release of ATT&CK v14, which brings enhancements related to detections, ICS, and mobile.


MITRE on Tuesday announced the release of version 14 of ATT&CK, the widely used knowledge base of adversary tactics and techniques. ATT&CK v14 brings improvements related to detections, industrial control systems (ICS), and mobile.

ATT&CK v14 covers a total of 760 pieces of software, 143 activity clusters (groups), and 24 campaigns across enterprise, mobile and ICS. 

The latest version of ATT&CK brings a significant expansion of detection notes and analytics, as well as enhanced relationships between detections, data sources and mitigations. 

“This release includes updated technique alignments to data sources and mitigations, better reflecting the most effective defensive measures for the impacted techniques,” explained MITRE’s Amy Robertson. 

In the ‘enterprise’ category, ATT&CK has been expanded to incorporate social engineering techniques and deceptive practices that might not have a direct technical component, such as impersonation, financial theft, and voice phishing. 

As for ICS, version 14 adds over a dozen assets that represent the primary functional components of ICS environments, such as application server, control server, data gateway, historian, field device, human-machine interface (HMI), programmable logic controller (PLC), remote terminal unit (RTU), safety controller, and workstation.

“These Asset pages include in-depth definitions, meticulous mappings to techniques, and a list of related Assets. Our primary goals for Assets are to provide a common language for inter-sector communication, and to empower underrepresented sectors to leverage ATT&CK mappings, fostering meaningful communication about risks and threats,” Robertson said.

MITRE has also expanded the coverage of the ‘mobile’ category to include various types of phishing (smishing, quishing and vishing), and introduced structured detections. 

Advertisement. Scroll to continue reading.

The navigation bar of the ATT&CK website has also been tweaked to feature a single dynamic menu that provides access to secondary links through dropdown menus.  

MITRE has published a blog post detailing some of the major updates in ATT&CK v14, as well as release notes listing new techniques and version changes. A detailed changelog is also available. 

Related: MITRE and CISA Release Open Source Tool for OT Attack Emulation

Related: MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses

Related: New Tool Made by Microsoft and Mitre Emulates Attacks on Machine Learning Systems

Related: Three Ways to Improve Defense Readiness Using MITRE D3FEND

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...