Impair Defenses: Downgrade Attack

Other sub-techniques of Impair Defenses (13)

ID	Name
ATAGS-T1097.001	Triggering the clear mode
ATAGS-T1097.002	Disable or Modify Cloud Firewall
ATAGS-T1097.003	Disable or Modify Cloud Logs
ATAGS-T1097.004	Disable or Modify Linux Audit System
ATAGS-T1097.005	Disable or Modify Network Device Firewall
ATAGS-T1097.006	Disable or Modify System Firewall
ATAGS-T1097.007	Disable or Modify Tools
ATAGS-T1097.008	Disable Windows Event Logging
ATAGS-T1097.009	Downgrade Attack
ATAGS-T1097.010	Impair Command History Logging
ATAGS-T1097.011	Indicator Blocking
ATAGS-T1097.012	Safe Mode Boot
ATAGS-T1097.013	Spoof Security Alerting

Threat Actors may downgrade or use a version of system features that may be outdated, vulnerable, and/or does not support updated security controls. Downgrade attacks typically take advantage of a system’s backward compatibility to force it into less secure modes of operation.

ID: ATAGS-T1097.009

Sub-technique of: ATAGS-T1097

ⓘ

Tactic: Defense Evasion

ⓘ

Targeted Components: Software

ⓘ

Responsibility: Provider

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.