Using MITRE ATT&CK with cyber threat intelligence

The MITRE ATT&CK framework is a tool developed by the MITRE Corporation. It is designed to provide information about how a cyberattack works and the various means that an attacker can carry out their goals at each stage of an attack.

MITRE ATT&CK is primarily a repository of information without a clear guide on how to work through and take advantage of it. Cyber threat intelligence provides this guidance, and MITRE ATT&CK offers a few tools to help organizations to use it to operationalize their threat intelligence.


Cyber threat actors commonly operate in groups. Many cybersecurity organizations track advanced persistent threats (APTs), organized cybercrime groups and other cyber threats. These groups are defined and tracked by identifying commonalities between cyberattack campaigns believed to originate from the same threat actors.

The MITRE ATT&CK Framework includes a listing of these groups. For each of the 110 groups currently tracked, MITRE ATT&CK includes a list of the Techniques and Software known to be used by these groups.

This enables an organization to leverage MITRE ATT&CK to develop defenses and mitigations based upon threat intelligence linked to various cyber threat groups. Knowledge that a particular group is active and that

Read More: