T1694: Insecure Credentials
Essential information
- MITRE technique ID
T1694- Confidence
- 75/100
- Revoked
- No
- Published
- 20/04/2026 22:50
- Modified
- 04/05/2026 16:52
- Author / Source
- The MITRE Corporation
Description
Adversaries may target insecure credentials as a means to persist on a system or device or move laterally from one system or device to another. Insecure credentials may appear as default credentials which are pre-configured credentials on a system, device, or software that are well-known in documentation or hard-coded credentials which are built into the system, device, or software that cannot be changed or not easily changed because of the impact on control processes.(Citation: NIST SP 800-82r3)(Citation: ICS-ALERT-13-164-01)(Citation: OT IceFall)
Adversaries often times use insecure credentials to evade detection as they are typically forgotten about by system and device owners.
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-ics-attack-v19 | lateral-movement |
| mitre-ics-attack | lateral-movement |
| mitre-ics-attack | persistence |
| mitre-ics-attack-v19 | persistence |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.