• Who We Are
        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage
        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us
        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Cybersecurity
        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.

        • ATT&CK Evaluations
        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense
        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • Developing tomorrow's cyber workforce today.
        • News & Insights
        • We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.

        • Subscribe to Our Newsletters
        • Our tech foundation is addressing the complex problems that face our nation today. Find out how you can join our efforts as we spur innovation for public good.


Center for Threat-Informed Defense Adds menuPass Adversary Emulation Plan to Growing Library

Plan tackles threat group targeting managed service providers and Japanese institutions

McLean, VA, and Bedford, MA, February 4, 2021 MITRE Engenuity’s Center for Threat-Informed Defense (Center) has added a plan to its public library of adversary emulation resources that will enable defenders to replicate tactics and techniques used by menuPass, a cyber threat actor responsible for global intellectual property theft that is thought to be affiliated with, or working at the behest of, the Chinese Ministry of State Security.

Analysts believe that menuPass has operated against targets in at least 12 countries but has thus far focused on companies that provide IT infrastructure and support services and Japanese institutions. menuPass leveraged its unauthorized access to these managed service providers’ networks to pivot into subscriber networks and steal information from organizations in banking and finance, telecommunications, healthcare, manufacturing, consulting, biotechnology, automotive, and energy.

With the addition of the menuPass plan, the publicly available library now has three emulation plans available for defenders to use. “When the Center established our Adversary Emulation Library last fall, we committed to the community that this would be a living resource,” said Richard Struse, Center director. “With the support of, and in collaboration with, our members, we will continue to add new resources to this library that will empower defenders to better assess and defend their organizations.”

The release of this emulation plan is the culmination of collaborative research and development with Center members including Fujitsu and Siemens.

“Intelligence-driven cyber defense from an adversary’s perspective helps organizations improve their risk resilience. This plan systematically documents the publicly-reported behaviors of an adversary that has been attacking Japanese organizations and impacting them significantly,” said Manabu Muramatsu, senior director of cybersecurity, Infrastructure Service Division in the Defense Systems Unit at Fujitsu Limited. “We are proud that we could contribute, in particular, to quality improvements in the machine-readable emulation plan and the script to convert it to a CALDERA plugin. Fujitsu plans to leverage this emulation plan to support our customers to better protect themselves.”

“Adversary emulation plans are a great way for us at Siemens to continuously validate and improve our defense capabilities,” said Hans Wallinger, chief technologist for cyber defense at Siemens AG. “It is a privilege for our Siemens Cyber Defense teams to partner with industry leaders on threat-informed defense topics and share back with a very engaged MITRE ATT&CK community. We are very much looking forward to continued collaborations and hope to see the adversary library grow.”

The adversary emulation library is available in the Center’s GitHub organization [https://github.com/center-for-threat-informed-defense/adversary_emulation_library] and is released under the Apache 2 license. The emulation plan is available for security teams to use themselves, as well as in machine-readable form for use with automated tools.

About the Center for Threat-Informed Defense
The Center is a non-profit, privately funded research and development organization operated by MITRE Engenuity. The Center’s mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Comprised of participant organizations from around the globe with highly sophisticated security teams, the Center builds on MITRE ATT&CK®, an important foundation for threat-informed defense used by security teams and vendors in their enterprise security operations. Because the Center operates for the public good, outputs of its research and development are available publicly and for the benefit of all.

Media contact:

Jeremy Singer