216.73.216.133

T1694.002: Hardcoded Credentials

View on MITRE ATT&CK The MITRE Corporation · Published 20/04/2026 22:54 · Modified 04/05/2026 16:52

Essential information

MITRE technique ID
T1694.002
Confidence
75/100
Revoked
No
Published
20/04/2026 22:54
Modified
04/05/2026 16:52
Author / Source
The MITRE Corporation

Description

Adversaries may leverage credentials that are hardcoded in software or firmware to gain an unauthorized interactive user session to an asset. Examples credentials that may be hardcoded in an asset include: * Username/Passwords * Cryptographic keys/Certificates * API tokens Unlike [Default Credentials](https://attack.mitre.org/techniques/T0812), these credentials are built into the system in a way that they either cannot be changed by the asset owner, or may be infeasible to change because of the impact it would cause to the control system operation. These credentials may be reused across whole product lines or device models and are often not published or known to the owner and operators of the asset.(Citation: ICS-ALERT-13-164-01)(Citation: OT IceFall) Adversaries may utilize these hardcoded credentials to move throughout the control system environment or provide reliable access for their tools to interact with industrial assets.

Kill chain phases

Kill chainPhase
mitre-ics-attack-v19 lateral-movement
mitre-ics-attack lateral-movement
mitre-ics-attack persistence
mitre-ics-attack-v19 persistence

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references