Incident Score: Analysis & Impact (ATTIBM1780946436)

Rankiteo's analysis has identified several MITRE ATT&CK tactics and techniques associated with this incident, each with varying levels of confidence based on available evidence. Under the Initial Access tactic, the analysis identified Exploit Public-Facing Application (T1190) with moderate confidence (50%), supported by evidence indicating breaches affecting its core network...over 56,000 times and Valid Accounts (T1078) with moderate to high confidence (70%), supported by evidence indicating aPT 10 may have breached IBM’s systems...poor network design. Under the Persistence tactic, the analysis identified Account Manipulation (T1098) with moderate confidence (60%), supported by evidence indicating breaches spanning from 2013 to 2016...56,000 times and Create Account (T1136) with moderate confidence (50%), supported by evidence indicating aPT 10...breached IBM’s systems over 56,000 times. Under the Credential Access tactic, the analysis identified OS Credential Dumping (T1003) with moderate confidence (60%), supported by evidence indicating neither IBM nor AT&T could confirm what data was accessed and Unsecured Credentials (T1552) with moderate to high confidence (70%), supported by evidence indicating poor network design and insufficient logging. Under the Discovery tactic, the analysis identified Account Discovery (T1087) with moderate confidence (60%), supported by evidence indicating breaches extended to at least two IBM subsidiaries and Network Service Discovery (T1046) with moderate confidence (50%), supported by evidence indicating aPT 10 may have breached IBM’s systems over 56,000 times. Under the Collection tactic, the analysis identified Data from Local System (T1005) with moderate to high confidence (80%), supported by evidence indicating data was accessed, altered, or exfiltrated...insufficient logging and Data from Information Repositories (T1213) with moderate to high confidence (70%), supported by evidence indicating breaches affecting its core network...state-sponsored espionage. Under the Exfiltration tactic, the analysis identified Exfiltration Over C2 Channel (T1041) with high confidence (90%), supported by evidence indicating data exfiltration such as true...APT 10 (state-sponsored) and Exfiltration Over Web Service (T1567) with moderate confidence (60%), supported by evidence indicating chinese threat actor APT 10...breached IBM’s systems. Under the Command and Control tactic, the analysis identified Application Layer Protocol (T1071) with moderate to high confidence (70%), supported by evidence indicating aPT 10...breached IBM’s systems over 56,000 times and Proxy (T1090) with moderate confidence (60%), supported by evidence indicating state-sponsored espionage...concealment alleged. Under the Defense Evasion tactic, the analysis identified Indicator Removal (T1070) with high confidence (90%), supported by evidence indicating lacked critical logs...alleged cover-up by IBM and AT&T and Impair Defenses (T1562) with moderate to high confidence (80%), supported by evidence indicating poor network design and insufficient logging. Under the Impact tactic, the analysis identified Defacement (T1491) with lower confidence (40%), supported by evidence indicating data was accessed, altered, or exfiltrated and Data Destruction (T1485) with moderate confidence (50%), supported by evidence indicating neither IBM nor AT&T could confirm what data was altered. These correlations help security teams understand the attack chain and develop appropriate defensive measures based on the observed tactics and techniques.