IndustrialCyber

MITRE ATT&CK v19 brings structural overhaul, industrial visibility, detection strategies as AI-driven attacks emerge


Not-for-profit organization MITRE released ATT&CK v19, introducing a series of structural and intelligence updates across the framework. The long-anticipated Defense Evasion split is now implemented, refining how evasion techniques are categorized and tracked. The ICS (Industrial Control Systems) matrix has been expanded with more granular sub-techniques, offering deeper visibility into industrial attack paths. Detection guidance is also evolving, with new strategies extending into mobile environments. At the same time, cyber threat intelligence coverage broadens to reflect emerging patterns, including AI-orchestrated espionage, Iranian hacktivist activity, and cross-domain wiper attacks.

Amy L. Robertson wrote in a recent Medium post that “This release reflects how we’re continuing to work toward making ATT&CK more actionable at every layer, from clearer tactic boundaries that map to how defenders actually think about adversary intent, new ICS sub-techniques that make broad behaviors more precise and operationally useful, Mobile detection guidance that gives you a traceable path from behavior to telemetry, and threat coverage that reflects where adversaries are operating.”

She confirmed that ICS is moving to a more granular model, with new sub-techniques across firmware, communications, and discovery designed to make ATT&CK coverage more actionable.

The ATT&CK v19 post outlined a set of structural updates in which five parent techniques were reorganized with more granular sub-techniques. T1693: Modify Firmware now separates system firmware and module firmware to reflect distinct detection surfaces and integrity monitoring requirements. T1695: Block Communications has been introduced as a new technique, subsuming Serial COM while adding Ethernet and Wi-Fi as sub-techniques to capture disruption across both physical and network layers. 

T0846: Remote System Discovery has been expanded to distinguish between port scanning, broadcast discovery, and multicast discovery. T0843: Program Download now reflects the different methods adversaries use to modify programmable controllers, including download all, online edit, and program append. In addition, T1694: Insecure Credentials has been added as a new technique, with default and hardcoded credentials defined as sub-techniques to better represent how built-in credentials are exploited.

The ICS Crosswalk provides a structured way to align mappings with ATT&CK v19. For entries marked as existing techniques, the first step is to replace the previous ATT&CK ID with the updated v19 ID, update the corresponding technique name, and, where applicable, reflect any new parent technique assignment. If STIX identifiers are used, these should also be updated to their v19 equivalents.

Techniques that have been reclassified as sub-techniques require a direct remap, replacing the original standalone technique ID with the new sub-technique ID and recording the associated parent technique. In cases where techniques remain unchanged at the top level, no remapping is required, but the newly introduced sub-techniques should be reviewed to determine whether more precise mapping is now possible.

The crosswalk also introduces entirely new parent techniques, which serve to organize the updated structure. These should be incorporated into mappings where relevant to ensure alignment with the revised ATT&CK framework.
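As an added illustration of the four crosswalk cases above (example code, not MITRE's own crosswalk tooling), the following Python applies a small constructed crosswalk to technique mappings in the shape of ATT&CK Navigator layer entries. The pre-v19 keys T0805, T0812, T0891, T0839, T0857 and T0846 are existing ATT&CK for ICS IDs, but every v19 sub-technique suffix, the T0999/T1699 pair, and the STIX identifiers are hypothetical placeholders standing in for the values in the published crosswalk.

```python
"""Apply an ATT&CK v19 ICS crosswalk to existing technique mappings.

Added example, not MITRE tooling. The crosswalk rows are constructed: the
pre-v19 ICS IDs are real, but every v19 sub-technique suffix (e.g. T1695.001),
the T0999 -> T1699 pair and every STIX id are hypothetical placeholders.
"""
from dataclasses import dataclass
from typing import Optional

# The four cases the crosswalk distinguishes.
EXISTING, SUBTECHNIQUE, UNCHANGED, NEW_PARENT = (
    "existing", "sub_technique", "unchanged", "new_parent")


@dataclass(frozen=True)
class CrosswalkRow:
    status: str
    new_id: str
    new_name: str
    parent_id: Optional[str] = None   # v19 parent, when the entry is a sub-technique
    new_subs: tuple = ()              # sub-techniques added under an unchanged parent
    new_stix: Optional[str] = None    # v19 STIX id (hypothetical placeholder here)


# Constructed crosswalk keyed by pre-v19 technique ID.
CROSSWALK = {
    "T0999": CrosswalkRow(EXISTING, "T1699", "Hypothetical Renumbered Technique",
                          new_stix="attack-pattern--hypothetical-t1699"),
    "T0805": CrosswalkRow(SUBTECHNIQUE, "T1695.001", "Block Communications: Serial COM",
                          parent_id="T1695", new_stix="attack-pattern--hypothetical-t1695-001"),
    "T0812": CrosswalkRow(SUBTECHNIQUE, "T1694.001", "Insecure Credentials: Default Credentials",
                          parent_id="T1694"),
    "T0891": CrosswalkRow(SUBTECHNIQUE, "T1694.002", "Insecure Credentials: Hardcoded Credentials",
                          parent_id="T1694"),
    "T0857": CrosswalkRow(SUBTECHNIQUE, "T1693.001", "Modify Firmware: System Firmware",
                          parent_id="T1693"),
    "T0839": CrosswalkRow(SUBTECHNIQUE, "T1693.002", "Modify Firmware: Module Firmware",
                          parent_id="T1693"),
    "T0846": CrosswalkRow(UNCHANGED, "T0846", "Remote System Discovery",
                          new_subs=("T0846.001", "T0846.002", "T0846.003")),
    "T1695": CrosswalkRow(NEW_PARENT, "T1695", "Block Communications"),
    "T1694": CrosswalkRow(NEW_PARENT, "T1694", "Insecure Credentials"),
    "T1693": CrosswalkRow(NEW_PARENT, "T1693", "Modify Firmware"),
}


def remap(techniques, crosswalk=CROSSWALK):
    """Return (remapped records, review notes).

    Each record is a dict with at least "techniqueID" (Navigator layer style);
    an optional "stix_id" is rewritten when the crosswalk row carries a v19 id.
    Unknown IDs pass through untouched but are flagged for manual review.
    """
    out, notes, parents_needed = [], [], set()
    for rec in techniques:
        old = rec["techniqueID"]
        row = crosswalk.get(old)
        if row is None:
            out.append(dict(rec))
            notes.append(f"{old}: not in crosswalk, verify manually")
            continue
        new = dict(rec, techniqueID=row.new_id, techniqueName=row.new_name)
        if row.status in (EXISTING, SUBTECHNIQUE) and row.parent_id:
            new["parentID"] = row.parent_id          # record the new parent assignment
            parents_needed.add(row.parent_id)
        if row.status == SUBTECHNIQUE:
            notes.append(f"{old} -> {row.new_id} (now a sub-technique of {row.parent_id})")
        elif row.status == UNCHANGED and row.new_subs:
            notes.append(f"{old}: unchanged, review whether {', '.join(row.new_subs)} "
                         "allow a more precise mapping")
        if "stix_id" in rec and row.new_stix:
            new["stix_id"] = row.new_stix
        out.append(new)
    present = {r["techniqueID"] for r in out}
    for parent in sorted(parents_needed - present):
        name = crosswalk[parent].new_name if parent in crosswalk else "?"
        notes.append(f"consider adding new parent {parent} ({name}) where relevant")
    return out, notes


# Constructed sample layer, not real mapping data.
SAMPLE_LAYER = [
    {"techniqueID": "T0805", "stix_id": "attack-pattern--old-serial-com", "comment": "PLC link"},
    {"techniqueID": "T0846", "comment": "nmap sweep seen"},
    {"techniqueID": "T0777"},
]

if __name__ == "__main__":
    records, review = remap(SAMPLE_LAYER)
    for r in records:
        print(r)
    for n in review:
        print("NOTE:", n)
```

Running it prints the rewritten records followed by the review notes; in practice the crosswalk dictionary would be loaded from MITRE's published crosswalk rather than hand-written, and the unknown-ID case is the one to watch, since a silently passed-through pre-v19 ID is exactly how stale mappings survive an upgrade.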

Robertson said the ATT&CK v19 update expands cyber threat intelligence coverage across Iran and China, while tracking early signs of AI-enabled tradecraft, cross-domain operations, software supply chain compromises, activity in underreported regions, and the continued use of commodity crimeware.

The update brings sharper focus on Iranian-linked activity, including Void Manticore, an MOIS-associated actor operating personas such as Handala Hack, Karma, and Homeland Justice, now tied to campaigns targeting U.S. organizations, including the 2026 Stryker attack. MuddyWater has also been expanded with new tooling such as MuddyViper, RustyWater, and Fooder, reflecting a continued shift toward stealthier and more adaptive behaviors.

The ATT&CK v19 release also captures early signs of AI-enabled operations. The Anthropic AI-orchestrated Campaign documents activity linked to a PRC-directed cluster using Claude Code to autonomously execute large parts of a multi-stage espionage campaign. In parallel, LAMEHUG is introduced as the first known malware to query a large language model during live operations, associated with APT28.

MITRE mentioned that coverage tied to China expands both in actor visibility and infrastructure targeting. MirrorFace is added as a subgroup of menuPass, alongside its campaign Operation AkaiRyū. Updates to Volt Typhoon highlight evolving initial access broker activity, while new tools, including BRICKSTORM, BRUSHFIRE, SPAWNCHIMERA, PHASEJAM, and DRYHOOK deepen insight into how PRC-linked actors are targeting network and edge devices.

Cross-domain activity continues to blur traditional boundaries. The Hamas-affiliated WIRTE has shifted toward more disruptive operations since late 2023, while SameCoin has been introduced as a cross-domain wiper spanning enterprise and mobile environments. The 2025 Poland Wiper Attacks are also mapped as a cross-domain campaign across ICS and enterprise systems, with DynoWiper and LazyWiper marking the first destructive deployment against a NATO member’s energy infrastructure.

Supply chain threats are expanding through legitimate ecosystems. GlassWorm and Shai-Hulud capture the 2025 npm compromises that exposed developer credentials across hundreds of organizations, while TruffleHog is included for its role within that infection chain as a weaponized component.

In Latin America, APT-C-36 continues to rely on commodity crimeware, reflected in the addition of HeartCrypt and PureCrypter. SystemBC highlights its role as a persistent SOCKS5 proxy and ransomware enabler, while Evilginx2 underscores growing use of adversary-in-the-middle techniques to bypass multi-factor authentication in real time. Finally, Qilin now includes Linux support, marking its expansion beyond Windows to target environments such as VMware ESXi.

Last July, MITRE launched Detection Strategies to give defenders practical, platform-specific guidance for detecting ATT&CK techniques. Each strategy connects adversary behavior to analytics, log sources, and tunable parameters, helping teams trace a clear path from technique to telemetry across different environments. 

Robertson detailed that with the ATT&CK v19 release, the Defense and Mobile team started applying detection strategies to the Mobile domain. “The Mobile detection strategies are designed to reflect that visibility is often uneven and depends on the tools defenders have in place. To address that, the guidance is vendor-agnostic and built to work across a wide range of visibility levels. It focuses on realistic signals defenders can observe, regardless of which mobile security products they use, and clearly calls out where visibility gaps remain and what telemetry or tooling would be needed to fill them.”

Addressing AI and social engineering techniques, Robertson mentioned that “We’re continuing to look at where ATT&CK coverage should expand, especially around adversarial uses of AI and social engineering. In both cases, the core question is the same: does this behavior create meaningfully different detection, defensive response or analytic requirements, or is it a variation of something already covered?”

She added that what changes across the matrix is the kind of value that coverage provides.

“In Reconnaissance and Resource Development, most of the activity happens outside the target environment, so the value of coverage is more centered on analytical and operational completeness than on direct detection,” Robertson wrote. “For techniques deeper in the post-compromise phases, distinct detection logic and defensive response requirements are critical. But the question is the same for both pre- and post. Does covering this behavior help defenders understand, track, and respond to adversary operations more effectively than not covering it?”

She further identified that for AI-enabled techniques, “the key distinction is the behavior, not the tool. AI can make those activities faster, cheaper, and easier to scale, but it doesn’t fundamentally change what the adversary is doing (yet!). ATT&CK focuses on the behavior, so the coverage stays useful even as specific models and platforms change.” 

For social engineering, Robertson noted that the same logic applies, as adversaries have always tried to manipulate people into taking specific actions. “Whether that happens over email, voice, or a help desk call, the channel is how the behavior is delivered, and the behavior itself is the manipulation. Treating that manipulation as its own behavior category makes it easier for defenders to track and respond to it, no matter how adversaries implement it.”

The ATT&CK v19 release introduces new techniques that expand ATT&CK coverage of how adversaries use AI to scale research and content generation, while also formalizing social engineering under a dedicated parent technique. T1682: Query Public AI Services captures how threat actors leverage publicly available AI platforms for large-scale target research and operational planning. T1683: Generate Content, along with its sub-techniques for written and audio-visual material, reflects how adversaries develop content across manual, third-party, and AI-assisted workflows.

On the social engineering side, T1684: Social Engineering establishes a unified framework for trust-based manipulation across channels such as email, voice, collaboration platforms, and help desk interactions, to trigger user-authorized actions, including password resets, MFA changes, financial approvals, or disclosure of sensitive information. 

Existing techniques covering impersonation and email spoofing have been restructured under this parent. The associated detection strategy focuses on a consistent behavioral pattern in which suspicious interactions are followed by anomalous user-approved actions, allowing defenders to anchor detection in behavior rather than channel-specific signals.
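The pattern described for the T1684 detection strategy, a suspicious interaction followed by an anomalous user-approved action, can be expressed as a simple channel-agnostic correlation. The Python below is an added example, not MITRE's analytic or the strategy's actual logic: the event names, the key=value log format, the 30-minute window and the log lines themselves are constructed for this illustration, and the interaction and action categories would in practice come from a helpdesk system, mail gateway, collaboration platform and identity provider.

```python
"""Correlate suspicious interactions with subsequent user-approved actions.

Added example of the behavioral pattern behind the social-engineering detection
strategy; not MITRE's analytic. Event names, log format and log lines are
constructed for illustration.
"""
import re
from datetime import datetime, timedelta

# Hypothetical event classes. Interactions are contacts that may carry the
# manipulation; actions are what the manipulated user (or an agent acting for
# them) then approves. The channel is deliberately not part of the logic.
SUSPICIOUS_INTERACTIONS = {
    "helpdesk_call_unverified", "external_email_urgent", "external_chat_request"}
USER_APPROVED_ACTIONS = {
    "password_reset", "mfa_device_added", "payment_approved", "data_shared_external"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) channel=(?P<channel>\S+) event=(?P<event>\S+)$")

# Constructed log: alice and bob show the pattern across different channels,
# carol resets a password with no preceding contact, dave's contact is stale.
SAMPLE_LOG = """\
2026-04-21T09:02:11Z user=alice channel=phone event=helpdesk_call_unverified
2026-04-21T09:10:40Z user=alice channel=portal event=mfa_device_added
2026-04-21T09:15:00Z user=bob channel=email event=external_email_urgent
2026-04-21T09:20:05Z user=bob channel=erp event=payment_approved
2026-04-21T10:00:00Z user=carol channel=portal event=password_reset
2026-04-21T11:00:00Z user=dave channel=teams event=external_chat_request
2026-04-21T13:30:00Z user=dave channel=portal event=password_reset
"""


def parse_log(text):
    """Parse key=value lines into dicts sorted by timestamp; skips malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        events.append({"ts": ts, "user": m["user"],
                       "channel": m["channel"], "event": m["event"]})
    return sorted(events, key=lambda e: e["ts"])


def correlate(events, window=timedelta(minutes=30)):
    """Emit one alert per approved action that follows a suspicious interaction
    for the same user within `window`, regardless of the channels involved."""
    alerts = []
    pending = {}  # user -> suspicious interactions not yet expired
    for e in events:
        user = e["user"]
        # Drop interactions that have aged out of the window before matching.
        pending[user] = [i for i in pending.get(user, []) if e["ts"] - i["ts"] <= window]
        if e["event"] in SUSPICIOUS_INTERACTIONS:
            pending[user].append(e)
        elif e["event"] in USER_APPROVED_ACTIONS and pending[user]:
            trigger = pending[user][-1]  # most recent contact is the likely lure
            alerts.append({
                "user": user,
                "interaction": trigger["event"],
                "interaction_channel": trigger["channel"],
                "action": e["event"],
                "action_channel": e["channel"],
                "delay_seconds": int((e["ts"] - trigger["ts"]).total_seconds()),
            })
    return alerts


if __name__ == "__main__":
    for a in correlate(parse_log(SAMPLE_LOG)):
        print(a)
```

The point of keeping the channel out of the matching condition is the one the article makes: a phone call followed by an MFA enrollment and an email followed by a payment approval are the same behavior, so one rule covers both. Tuning is then a question of the window and of which interactions count as suspicious, not of writing a separate rule per channel.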

In conclusion, Robertson wrote, “There’s more to come this year, and we’ll be publishing the Roadmap soon to provide more details on changes and additions across ATT&CK. ATT&CKcon 7.0 will take place October 27–28 and we’ll be releasing the Call For Papers in the next couple of months.”
