Valid Credentials: Forge Digital Certificates

If an attacker gains control of the credential-management system and can issue credentials, they can access the system and maintain persistent control over it. In that case, existing credentials must be invalidated and all credentials reissued. CCSDS recommends two forms of credentials: X.509 certificates and protected simple authentication. The authenticity of an X.509 certificate depends on the CA's digital signature attesting to the credential. If the digital signature algorithm used by the CA is of insufficient cryptographic strength, a credential may be spoofed. [1]

Standard/references: [2]

ID: T2009.002
Sub-technique of: T2009
Platforms: None
Version: 2.0
Created: 25 August 2022
Last Modified: 05 February 2025

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

References