Center for Threat-Informed Defense Adds menuPass Adversary Emulation Plan to Growing Library

  • February 4, 2021

Plan tackles threat group targeting managed service providers and Japanese institutions

McLean, VA, and Bedford, MA, February 4, 2021 - MITRE Engenuity’s Center for Threat-Informed Defense (Center) has added a plan to its public library of adversary emulation resources that will enable defenders to replicate tactics and techniques used by menuPass, a cyber threat actor responsible for global intellectual property theft that is thought to be affiliated with, or working at the behest of, the Chinese Ministry of State Security.

Analysts believe that menuPass has operated against targets in at least 12 countries but has thus far focused on companies that provide IT infrastructure and support services and Japanese institutions. menuPass leveraged its unauthorized access to these managed service providers’ networks to pivot into subscriber networks and steal information from organizations in banking and finance, telecommunications, healthcare, manufacturing, consulting, biotechnology, automotive, and energy.

With the addition of the menuPass plan, the publicly available library now has three emulation plans available for defenders to use. “When the Center established our Adversary Emulation Library last fall, we committed to the community that this would be a living resource,” said Richard Struse, Center director. “With the support of, and in collaboration with, our members, we will continue to add new resources to this library that will empower defenders to better assess and defend their organizations.”

The release of this emulation plan is the culmination of collaborative research and development with Center members including Fujitsu and Siemens.

“Intelligence-driven cyber defense from an adversary's perspective helps organizations improve their risk resilience. This plan systematically documents the publicly-reported behaviors of an adversary that has been attacking Japanese organizations and impacting them significantly,” said Manabu Muramatsu, senior director of cybersecurity, Infrastructure Service Division in the Defense Systems Unit at Fujitsu Limited. “We are proud that we could contribute, in particular, to quality improvements in the machine-readable emulation plan and the script to convert it to a CALDERA plugin. Fujitsu plans to leverage this emulation plan to support our customers to better protect themselves.”

“Adversary emulation plans are a great way for us at Siemens to continuously validate and improve our defense capabilities,” said Hans Wallinger, chief technologist for cyber defense at Siemens AG. “It is a privilege for our Siemens Cyber Defense teams to partner with industry leaders on threat-informed defense topics and share back with a very engaged MITRE ATT&CK community. We are very much looking forward to continued collaborations and hope to see the adversary library grow.”

The adversary emulation library is available in the Center’s GitHub organization [https://github.com/center-for-threat-informed-defense/adversary_emulation_library] and is released under the Apache 2 license. The emulation plan is available for security teams to use themselves, as well as in machine-readable form for use with automated tools.

About the Center for Threat-Informed Defense

The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all.

Media contact:

Jeremy Singer

