216.73.216.133

T1694: Insecure Credentials

View on MITRE ATT&CK The MITRE Corporation · Published 20/04/2026 22:50 · Modified 04/05/2026 16:52

Essential information

MITRE technique ID
T1694
Confidence
75/100
Revoked
No
Published
20/04/2026 22:50
Modified
04/05/2026 16:52
Author / Source
The MITRE Corporation

Description

Adversaries may target insecure credentials as a means to persist on a system or device or move laterally from one system or device to another. Insecure credentials may appear as default credentials which are pre-configured credentials on a system, device, or software that are well-known in documentation or hard-coded credentials which are built into the system, device, or software that cannot be changed or not easily changed because of the impact on control processes.(Citation: NIST SP 800-82r3)(Citation: ICS-ALERT-13-164-01)(Citation: OT IceFall) Adversaries often times use insecure credentials to evade detection as they are typically forgotten about by system and device owners.

Kill chain phases

Kill chainPhase
mitre-ics-attack-v19 lateral-movement
mitre-ics-attack lateral-movement
mitre-ics-attack persistence
mitre-ics-attack-v19 persistence

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references