Adversary in the Middle

ID	Name
ATAGS-T1111.001	Lower Orbit Satellites, or Drones
ATAGS-T1111.002	ARP Cache Poisoning
ATAGS-T1111.003	DHCP Spoofing
ATAGS-T1111.004	Evil Twin
ATAGS-T1111.005	LLMNR/NBT-NS Poisoning and SMB Relay
ATAGS-T1111.006	Unauthenticated gateway or unauthenticated interplanetary node
ATAGS-T1111.007	Satellite constellation

Threat actors may attempt to position themselves between two or more networked devices using an adversary-in-the-middle (AiTM) technique.

ID: ATAGS-T1111

Sub-techniques: ATAGS-T1111.001, ATAGS-T1111.002, ATAGS-T1111.003, ATAGS-T1111.004, ATAGS-T1111.005, ATAGS-T1111.006, ATAGS-T1111.007

ⓘ

Tactics: Credential Access, Collection

ⓘ

Targeted Components: Mission, Personnel & Identity

ⓘ

Responsibility: Shared

Created: 18 April 2026

Last Modified: 18 April 2026

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.