Wireless Compromise (T0860)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Wireless Compromise

Associated Tactics

  • Initial Access

Initial Access (TA0108)

The adversary is trying to get into your ICS environment. Initial Access consists of techniques that adversaries may use as entry vectors to gain an initial foothold within an ICS environment. These techniques include compromising operational technology assets, IT resources in the OT network, and external remote services and websites. They may also target third party entities and users with privileged access. In particular, these initial access footholds may include devices and communication mechanisms with access to and privileges in both the IT and OT environments. IT resources in the OT environment are also potentially vulnerable to the same attacks as enterprise IT systems. Trusted third parties of concern may include vendors, maintenance personnel, engineers, external integrators, and other outside entities involved in expected ICS operations. Vendor maintained assets may include physical devices, software, and operational equipment. Initial access techniques may also leverage outside devices, such as radios, controllers, or removable media, to remotely interfere with and possibly infect OT operations.

View on ATT&CK

Procedure Examples

Description Source(s)
Alexander Bolshev 2014, March 11 S4x14: HART As An Attack Vector Retrieved. 2020/01/05 Alexander Bolshev March 2014
Alexander Bolshev, Gleb Cherbov 2014, July 08 ICSCorsair: How I will PWN your ERP through 4-20 mA current loop Retrieved. 2020/01/05 Alexander Bolshev, Gleb Cherbov July 2014
Bruce Schneier 2008, January 17 Hacking Polish Trams Retrieved. 2019/10/17 Bruce Schneier January 2008
John Bill 2017, May 12 Hacked Cyber Security Railways Retrieved. 2019/10/17 John Bill May 2017
Shelley Smith 2008, February 12 Teen Hacker in Poland Plays Trains and Derails City Tram System Retrieved. 2019/10/17 Shelley Smith February 2008