Skip to content

Resource hijacking

Info

ID: MS-TA9039
Tactic: Impact
MITRE technique: T1496

Attackers may abuse a compromised resource for running tasks. A common abuse is to use compromised resources for running digital currency mining. Attackers who have access to a container in the cluster or have permissions to create new containers may use them for such activity.

Mitigations

ID Mitigation Description
MS-M9011 Restrict Container Runtime using LSM Restrict execution of unwanted processes in containers.
MS-M9012 Remove Tools from Container Images Remove unused tools from the container image.