Change Operating Mode (T0858)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Change Operating Mode

Associated Tactics

  • Execution
  • Evasion

Execution (TA0104)

The adversary is trying to run code or manipulate system functions, parameters, and data in an unauthorized way. Execution consists of techniques that result in adversary-controlled code running on a local or remote system, device, or other asset. This execution may also rely on unknowing end users or the manipulation of device operating modes to run. Adversaries may infect remote targets with programmed executables or malicious project files that operate according to specified behavior and may alter expected device behavior in subtle ways. Commands for execution may also be issued from command-line interfaces, APIs, GUIs, or other available interfaces. Techniques that run malicious code may also be paired with techniques from other tactics, particularly to aid network [Discovery](https://attack.mitre.org/tactics/TA0102) and [Collection](https://attack.mitre.org/tactics/TA0100), impact operations, and inhibit response functions.

View on ATT&CK

Procedure Examples

Description Source(s)
Machine Information Systems 2007 How PLCs Work Retrieved. 2021/01/28 Machine Information Systems 2007
N.A. 2017, October What are the different operating modes in PLC? Retrieved. 2021/01/28 N.A. October 2017
Omron Machine Information Systems 2007 How PLCs Work Retrieved. 2021/01/28 PLC Different Operating Modes Retrieved. 2021/01/28 Omron
PLCgurus 2021 PLC Basics Modes Of Operation Retrieved. 2021/01/28 PLCgurus 2021