| ID | Name |
|---|---|
| ATAGS-T1075.001 | Browser Extensions |
| ATAGS-T1075.002 | Hybrid Identity |
| ATAGS-T1075.003 | IDE Extensions |

Threat Actors may abuse an integrated development environment (IDE) extension to establish persistent access to victim systems. IDEs such as Visual Studio Code, IntelliJ IDEA, and Eclipse support extensions - software components that add features like code linting, auto-completion, task automation, or integration with tools like Git and Docker. A malicious extension can be installed through an extension marketplace (i.e., Compromise Software Dependencies and Development Tools) or side-loaded directly into the IDE.

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.
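
Since prevention is limited, a periodic inventory of installed extensions is one practical detective control. The following is an added example, not part of the original page: it audits a Visual Studio Code profile and flags extensions that were side-loaded or are not approved, raising severity when the extension activates at every IDE start. It assumes VS Code's `extensions.json` index records the install origin in `metadata.source` (`gallery` for marketplace, `vsix` for side-load) and that the profile lives in `~/.vscode/extensions`; the allowlist and sample entries are constructed.

```python
import json
from pathlib import Path

STARTUP_EVENTS = {"*", "onStartupFinished"}  # extension code runs at every IDE launch

def load_from_disk(ext_dir=Path.home() / ".vscode" / "extensions"):
    """Read the install index and each extension's manifest (path is an assumption)."""
    index = json.loads((ext_dir / "extensions.json").read_text(encoding="utf-8"))
    manifests = {}
    for entry in index:
        pkg = ext_dir / entry.get("relativeLocation", "") / "package.json"
        if pkg.is_file():
            ext_id = entry.get("identifier", {}).get("id", "<unknown>").lower()
            manifests[ext_id] = json.loads(pkg.read_text(encoding="utf-8"))
    return index, manifests

def audit_extensions(index, manifests, allowlist):
    """Return findings for extensions that are side-loaded or not approved."""
    findings = []
    for entry in index:
        ext_id = entry.get("identifier", {}).get("id", "<unknown>").lower()
        reasons = []
        # Assumed field: metadata.source is "gallery" for marketplace installs.
        if (entry.get("metadata") or {}).get("source") != "gallery":
            reasons.append("not installed from the marketplace (side-loaded or unknown source)")
        if ext_id not in allowlist:
            reasons.append("not on the approved list")
        if not reasons:
            continue
        events = set(manifests.get(ext_id, {}).get("activationEvents", []))
        startup = bool(events & STARTUP_EVENTS)
        findings.append({"id": ext_id, "reasons": reasons, "runs_at_startup": startup,
                         "severity": "high" if startup else "medium"})
    return findings

# Constructed sample data (not from a real host): one marketplace install, one VSIX side-load.
SAMPLE_INDEX = [
    {"identifier": {"id": "ms-python.python"}, "metadata": {"source": "gallery"}},
    {"identifier": {"id": "example.helper-tools"}, "metadata": {"source": "vsix"}},
]
SAMPLE_MANIFESTS = {
    "ms-python.python": {"activationEvents": ["onLanguage:python"]},
    "example.helper-tools": {"activationEvents": ["onStartupFinished"]},
}
SAMPLE_ALLOWLIST = {"ms-python.python"}  # hypothetical approved list

if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_INDEX, SAMPLE_MANIFESTS, SAMPLE_ALLOWLIST):
        print(finding)
```

On a workstation, pass the result of `load_from_disk()` to `audit_extensions` together with the organization's own approved list.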