Modify Authentication Process: Multi-Factor Authentication

ID	Name
ATAGS-T1055.001	Domain Controller Authentication
ATAGS-T1055.002	Multi-Factor Authentication
ATAGS-T1055.003	Network Device Authentication
ATAGS-T1055.004	Network Provider DLL
ATAGS-T1055.005	Password Filter DLL
ATAGS-T1055.006	Pluggable Authentication Modules
ATAGS-T1055.007	Reversible Encryption
ATAGS-T1055.008	Conditional Access Policies
ATAGS-T1055.009	Hybrid Identity

Threat Actors may disable or modify multi-factor authentication (MFA) mechanisms to enable persistent access to compromised accounts.

ID: ATAGS-T1055.002

Sub-technique of: ATAGS-T1055

ⓘ

Tactic: Execution

ⓘ

Targeted Components: Cloud Control Plane

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.