Multi-Factor Authentication Interception (T1111)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Multi-Factor Authentication Interception

Associated Tactics

  • Credential Access

Credential Access (TA0006)

The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.

View on ATT&CK

Procedure Examples

Description Source(s)
Jackson, William. (2011, June 7). RSA confirms its tokens used in Lockheed hack. Retrieved September 24, 2018. GCN RSA June 2011
Mandiant. (2011, January 27). Mandiant M-Trends 2011. Retrieved January 10, 2016. Mandiant M Trends 2011
Okta. (2022, August 25). Detecting Scatter Swine: Insights into a Relentless Phishing Campaign. Retrieved February 24, 2023. Okta Scatter Swine 2022