BREAKING: MITRE Engenuity Publishes their Blueprint for a Domestic Semiconductor Industry. Read the Paper.

        • Who We Are
        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage
        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us
        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Semiconductors
        • Dive into the revolutionary work that MITRE Engenuity is doing within this critical ecosystem.

        • Circuit Talk
        • Hear directly from the semiconductor experts through our speaker series featuring titans of industry, groundbreaking researchers, and many more.

        • Cybersecurity
        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.

        • ATT&CK Evaluations
        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense
        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • MITRE ATT&CK Defender
        • Strengthen your threat-informed defense capabilities with our cybersecurity trainings taught by MITRE ATT&CK subject matter experts.

        • Telecom
        • The transformative power of 5G shifts paradigms across industries and empowers businesses to change the way they interact with people. See how MITRE Engenuity is impacting the next generation of telecommunications. 

        • Open Generation 5G Consortium
        • We are getting to our 5G future faster. Discover how we are accelerating network technology and device-to-device application innovation through use case-focused R&D in the Open Generation 5G Consortium.

        • Health
        • We identify potential health security threats to ensure faster public health pandemic responses and incubate new ideas to ensure national health security.

        • Growing Impact
        • We deliver positive public impact through advanced technological innovation projects.

        • Cyber Risk Model for Mobile Digital Financial Services: Securing Mobile Money Services. Explore Our Cyber Risk Model for Mobile Financial Services product
        • Embedded Capture the Flag: Developing Tomorrow's Cyber Workforce Today. Get Involved with MITRE's Embedded Capture the Flag Competition
        • News & Insights
        • We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.

MITRE Engenuity Center for Threat-Informed Defense Releases FIN6 Adversary Emulation Plan

  • September 15, 2020
Plan Empowers Defenders to Emulate Cybercrime Group Targeting Retail, Hospitality McLean, VA, and Bedford, MA, September 15, 2020 MITRE Engenuity's Center for Threat-Informed Defense has launched a public library of adversary emulation plans that enable defenders to replicate many of the tactics and techniques used by known cyber adversaries. The first entry features a curated selection of malicious behaviors used by the cybercrime group known as FIN6. Security analysts believe that FIN6 is a financially motivated cybercrime group that has compromised high-volume point-of-sale systems in the hospitality and retail sectors since at least 2015. The group has focused on U.S. and European e-commerce sites and multinational organizations, though it has targeted companies based in other countries as well. FireEye estimates that the group has stolen $400 million via credit card data. The FIN6 adversary emulation plan includes a detailed intelligence summary and a step-by-step guide for emulating the group. It gives red team operators a series of scripts and commands that can be easily extracted and used in a repeatable fashion to emulate adversary behavior. "While the FIN6 plan is the initial entry in the library, the Center and its research participants will be adding additional adversary emulation plans on a regular basis. This library makes it much easier for defenders around the world to assess their own environments against the threat posed by specific adversaries and use the results to rapidly improve their organizations' cybersecurity posture," said Richard Struse, Center director. "Creating publicly available resources that empower organizations to make evidence-based decisions and investments is at the heart of the Center's purpose." "Microsoft believes the key to getting ahead of attackers is to think as they do, and the only way to do that is by learning their techniques. This new library of attacker techniques will enable defenders to more quickly, efficiently, and accurately emulate attacks from a dangerous actor targeting financial services companies, FIN6," said Dana Baril, senior security research lead at Microsoft Security. "Microsoft is honored to take part in contributing to and sponsoring this library that will help improve overall defense capabilities to detect and block these techniques at first sight." "This is an historic first, and as a founding research partner of the Center for Threat-Informed Defense, I am immensely proud that AttackIQ is working with MITRE and the Center team to make this emulation plan publicly available," said Carl Wright, chief commercial officer at AttackIQ. "Too many organizations lack the resources to study adversaries and build these emulation plans. We are working in the public interest to help every organization become more resilient to cyberattacks." "We were excited to collaborate with other industry leaders through the Center to develop the FIN6 adversary emulation plan," said Manabu Muramatsu, senior director of cybersecurity, Infrastructure Service Division in the Defense Systems Unit at Fujitsu Limited. "We plan to leverage the plan to help our customers better protect themselves." The adversary emulation library is available in the Center's GitHub organization [] and is released under the Apache 2 license. The emulation plan is available for security teams to use themselves, as well as in machine-readable form for use with automated tools. About MITRE Engenuity Center for Threat-Informed Defense The Center is a nonprofit, privately funded research and development organization currently comprised of 23 organizations from around the globe with highly sophisticated security teams. Together with Research Participants, the Center builds on MITRE ATT&CK, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all.   Media contact: Jeremy Singer

Related Posts


Load More