SecurityWeek

MITRE Releases Fight Fraud Framework

The document provides a behavior-based model of the tactics and techniques employed by fraudsters.

The non-profit MITRE Corporation on Thursday released a new framework to help organizations fight fraudsters.

MITRE’s Fight Fraud Framework (MITRE F3) is a curated knowledge base that provides a behavior-based model of the tactics, techniques, and procedures (TTPs) fraudsters employ, informed by real-world attacks.

“These incidents involve the intentional use of deceptive or illegal practices to fraudulently obtain money, assets, or information from individuals or institutions, and include actions carried out over cyber channels,” MITRE says.

The framework offers a common structure and taxonomy describing cyber fraud incidents and is meant to enable stronger collaboration on fraud detection, prevention, and response.

The analyst-developed knowledge base was designed as a structured, transparent, and operationally relevant resource that is globally accessible, open, and free for use.

MITRE F3 details behaviors that are not included in the ATT&CK framework by introducing two fraud-specific tactics.

The two tactics are positioning, which covers the post-compromise actions aimed at collecting and manipulating data and preparing follow-up execution, and monetization, which covers the activities threat actors perform to convert the compromised assets into usable value.

“These additions capture the uniqueness of fraud where success depends on moving and extracting value, not just gaining access. By capturing those stages, F3 allows defenders to trace fraud activity from initial compromise through financial impact,” MITRE notes.

The framework also changes the definition of tactics that already exist in ATT&CK, such as reconnaissance, resource development, initial access, defense evasion, and execution.

Figure: MITRE Fight Fraud Framework (F3)

“This structure creates a shared language that allows cyber and fraud defenders to enumerate the material events in a fraud incident, connect cyber activity to financial outcomes, and align detection, prevention, and response strategies,” MITRE explains.

In addition to launching a website for the framework, MITRE published a visual representation of the described tactics, along with details on the F3 design principles and methodology, and information on how it can be used.

Additional resources are available in a GitHub repository that also provides details on how interested parties can get involved with the project.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
