Show in Graph
Common Information
Type Value
Value 
Multi-Factor Authentication - T1556.006
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may disable or modify multi-factor authentication (MFA) mechanisms to enable persistent access to compromised accounts. Once adversaries have gained access to a network by either compromising an account lacking MFA or by employing an MFA bypass method such as [Multi-Factor Authentication Request Generation](https://attack.mitre.org/techniques/T1621), adversaries may leverage their access to modify or completely disable MFA defenses. This can be accomplished by abusing legitimate features, such as excluding users from Azure AD Conditional Access Policies, registering a new yet vulnerable/adversary-controlled MFA method, or by manually patching MFA programs and configuration files to bypass expected functionality.(Citation: Mandiant APT42)(Citation: Azure AD Conditional Access Exclusions) For example, modifying the Windows hosts file (`C:\windows\system32\drivers\etc\hosts`) to redirect MFA calls to localhost instead of an MFA server may cause the MFA process to fail. If a "fail open" policy is in place, any otherwise successful authentication attempt may be granted access without enforcing MFA. (Citation: Russians Exploit Default MFA Protocol - CISA March 2022) Depending on the scope, goals, and privileges of the adversary, MFA defenses may be disabled for individual accounts or for all accounts tied to a larger group, such as all domain accounts in a victim's network environment.(Citation: Russians Exploit Default MFA Protocol - CISA March 2022)
Details Published Attributes CTI Title
Details Website 2024-11-12 8 Evilginx on DigitalOcean
Details Website 2024-11-12 0 Understanding The Pillars of Cybersecurity: Essential Principles for Protecting Your Data and…
Details Website 2024-11-12 0 🚨 Massive Data Breach Affects Millions of Hot Topic Customers 🚨
Details Website 2024-11-12 0 How Modern Companies Deal with Cyber Threats
Details Website 2024-11-12 0 Building Cyber Resilience: A Practical Approach for Enterprise Security
Details Website 2024-11-12 2 Identity is the New Perimeter: An Infostealer Perspective
Details Website 2024-11-12 5 What Is Information Security? Goals, Types and Applications
Details Website 2024-11-12 0 Hot Topic Data Breach: A Massive Leak Exposes Millions of Customer Records - SOCRadar® Cyber Intelligence Inc.
Details Website 2024-11-12 0 Defend Like a Pro: Essential Cybersecurity Configurations for Your Network
Details Website 2024-11-12 0 The rise of phishing-resistant MFA and what it means for a passwordless future
Details Website 2024-11-12 2 Hot Topic Data Breach: A Massive Leak Exposes Millions of Customer Records
Details Website 2024-11-12 0 E-Ticaret Dünyasında Güvende Kalmak: En İyi Siber Güvenlik Stratejileri
Details Website 2024-11-12 1 Protecting Critical Infrastructure: A Collaborative Approach to Security for ICS, OT, and IIoT
Details Website 2024-11-12 0 Top 5 Real-World Examples of a Supply Chain Attack
Details Website 2024-11-12 19 New GootLoader Campaign Targets Users Searching for Bengal Cat Laws in Australia - CyberSRC
Details Website 2024-11-12 7 10 Best DNS Management Tools - 2025
Details Website 2024-11-12 0 5 Identity Theft Challenges Every Business Needs to Tackle - Cybersecurity Insiders
Details Website 2024-11-12 13 Lessons from the Data Breach at Mt Hira College
Details Website 2024-11-11 0 🚨 Amazon Confirms Data Breach: What It Means for Employee Security and Penetration Testing 🚨
Details Website 2024-11-11 1 🚨 FBI Warns of Cybercriminals Exploiting Fake Emergency Data Requests (EDRs)! 🛡️
Details Website 2024-11-11 2 Best Practices for Cybersecurity in Federal Cloud Computing
Details Website 2024-11-11 0 ISC2-CC | Domain 3: Access Control Concepts
Details Website 2024-11-11 1 Microsoft Visio Files Used in Sophisticated Phishing Attacks
Details Website 2024-11-11 0 DAY 42
Details Website 2024-11-11 0 Cybersecurity In Wealth Management