Threat Actors may poison Address Resolution Protocol (ARP) caches to position themselves between the communication of two or more networked devices. This activity may be used to enable follow-on behaviors such as Network Sniffing or Transmitted Data Manipulation.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.