216.73.216.6

T1491.001: T1491.001

View on MITRE ATT&CK The MITRE Corporation · Published 20/02/2020 15:31 · Modified 14/04/2026 16:20

Essential information

MITRE technique ID
T1491.001
Confidence
100/100
Revoked
No
Published
20/02/2020 15:31
Modified
14/04/2026 16:20
Author / Source
The MITRE Corporation

Aliases

Internal Defacement

Platforms

windows macos linux ESXi

Description

An adversary may deface systems internal to an organization in an attempt to intimidate or mislead users, thus discrediting the integrity of the systems. This may take the form of modifications to internal websites or server login messages, or directly to user systems with the replacement of the desktop wallpaper.(Citation: Novetta Blockbuster)(Citation: Varonis) Disturbing or offensive images may be used as a part of [Internal Defacement](https://attack.mitre.org/techniques/T1491/001) in order to cause user discomfort, or to pressure compliance with accompanying messages. Since internally defacing systems exposes an adversary's presence, it often takes place after other intrusion goals have been accomplished.(Citation: Novetta Blockbuster Destructive Malware)

Kill chain phases

Kill chainPhase
mitre-attack impact

Marking (TLP)

TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Intrusion sets, malware, reports, vulnerabilities, indicators and other entities linked to this technique.