| ID | Name |
|---|---|
| ATAGS-T1059.001 | At |
| ATAGS-T1059.002 | Container Orchestration Job |
| ATAGS-T1059.003 | Cron |
| ATAGS-T1059.004 | Scheduled Task |
| ATAGS-T1059.005 | Systemd Timers |
Threat actors may abuse systemd timers to perform task scheduling for initial or recurring execution of malicious code. Systemd timers are unit files with file extension .timer that control services. Timers can be set to run on a calendar event or after a time span relative to a starting point. They can be used as an alternative to Cron in Linux environments. Systemd timers may be activated remotely via the systemctl command line utility, which operates over SSH.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.