| ID | Name |
|---|---|
| ATAGS-T1112.001 | TC Brute Forcing |
| ATAGS-T1112.002 | Credential Stuffing |
| ATAGS-T1112.003 | Password Cracking |
| ATAGS-T1112.004 | Password Guessing |
| ATAGS-T1112.005 | Password Spraying |
Threat Actors may use credentials obtained from breach dumps of unrelated accounts to gain access to target accounts through credential overlap. Occasionally, large numbers of username and password pairs are dumped online when a website or service is compromised and the user account credentials accessed. The information may be useful to Threat Actors attempting to compromise accounts by taking advantage of the tendency for users to use the same passwords across personal and business accounts.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.