Applied Cybernetics Group
T1496 — Resource Hijacking
- Technique: T1496
- Tactics: Impact
- MISP citations: 0
- KEV CVEs mapped: 19
- Community rules: 13
- thrunt rules: 0
- Upstream: https://attack.mitre.org/techniques/T1496
MITRE description
Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. Resource hijacking may take a number of different forms. For example, adversaries may:
- Leverage compute resources in order to mine cryptocurrency
- Sell network bandwidth to proxy networks
- Generate SMS traffic for profit
- Abuse cloud-based messaging services to send large quantities of spam messages

In some cases, adversaries may leverage multiple types of Resource Hijacking at once. (Citation: Sysdig Cryptojacking Proxyjacking 2023)
KEV CVEs mapped to this technique
Per MITRE CTID's hand-curated KEV→ATT&CK mappings — these are the actively-exploited vulnerabilities behind this technique's KEV signal.
CVE-2025-4632, CVE-2024-23692, CVE-2023-49897, CVE-2023-47565, CVE-2023-38035, CVE-2023-32315, CVE-2023-22527, CVE-2023-1389, CVE-2022-29464, CVE-2022-29303, CVE-2021-44228, CVE-2021-35394, CVE-2021-26084, CVE-2021-22205, CVE-2020-8515, CVE-2019-18935, CVE-2018-7600, CVE-2018-11776, CVE-2017-9822
Detection coverage
SigmaHQ community rules
- Azure Container Registry Created or Deleted (core)
- Azure Kubernetes Cluster Created or Deleted (core)
- Azure Kubernetes Network Policy Change (core)
- Azure Kubernetes Sensitive Role Access (core)
- Azure Kubernetes RoleBinding/ClusterRoleBinding Modified and Deleted (core)
- Azure Kubernetes Secret or Config Object Access (core)
- Azure Kubernetes Service Account Modified or Deleted (core)
- Linux Crypto Mining Pool Connections (core)
- Linux Crypto Mining Indicators (core)
- Monero Crypto Coin Mining Pool Lookup (core)
- DNS Events Related To Mining Pools (core)
- Network Communication With Crypto Mining Pool (core)
- Potential Crypto Mining Activity (core)