Modify Authentication Process

Sub-techniques (9)

ID	Name
ATAGS-T1055.001	Domain Controller Authentication
ATAGS-T1055.002	Multi-Factor Authentication
ATAGS-T1055.003	Network Device Authentication
ATAGS-T1055.004	Network Provider DLL
ATAGS-T1055.005	Password Filter DLL
ATAGS-T1055.006	Pluggable Authentication Modules
ATAGS-T1055.007	Reversible Encryption
ATAGS-T1055.008	Conditional Access Policies
ATAGS-T1055.009	Hybrid Identity

Threat actors may modify the internal authentication process of the victim ground station to facilitate initial access, recurring execution, or prevent authorized entities from accessing the ground station. This can be done through the modification of the software binaries or memory manipulation techniques.

ID: ATAGS-T1055

Sub-techniques: ATAGS-T1055.001, ATAGS-T1055.002, ATAGS-T1055.003, ATAGS-T1055.004, ATAGS-T1055.005, ATAGS-T1055.006, ATAGS-T1055.007, ATAGS-T1055.008, ATAGS-T1055.009

ⓘ

Tactics: Execution, Persistence, Defense Evasion, Credential Access

ⓘ

Targeted Components: Cloud Control Plane

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.