T1213.003: Code Repositories
| View on MITRE ATT&CK | T1213.003 |
|---|---|
| Tactic(s) | Collection |
Data from MITRE ATT&CK®:
Adversaries may leverage code repositories to collect valuable information. Code repositories are tools/services that store source code and automate software builds. They may be hosted internally or privately on third party sites such as Github, GitLab, SourceForge, and BitBucket. Users typically interact with code repositories through a web application or command-line utilities such as git.
Once adversaries gain access to a victim network or a private code repository, they may collect sensitive information such as proprietary source code or credentials contained within software's source code. Having access to software's source code may allow adversaries to develop Exploits, while credentials may provide access to additional resources using Valid Accounts.(Citation: Wired Uber Breach)(Citation: Krebs Adobe)
Note: This is distinct from Code Repositories, which focuses on conducting Reconnaissance via public code repositories.
© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
Cyber Threat Graph Context
Explore how this ATT&CK Technique relates to the wider threat graph
Reporting on this Technique
Scattered Spider Advisory AA23-320A
This advisory from CISA outlines tactics, techniques and procedures used by the Scattered Spider threat actors, as observed by the FBI up until ...
Mitigations for this technique
MITRE ATT&CK Mitigations
User Account Management
Manage the creation, modification, use, and permissions associated to user accounts.User Training
Train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.Audit
Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.Multi-factor Authentication
Use two or more pieces of evidence to authenticate to a system; such as username and password in addition to a token from a physical smart card or token generator.How to detect this technique
MITRE ATT&CK Data Components
Logon Session Creation (Logon Session)
Initial construction of a successful new user logon following an authentication attempt. (e.g. Windows EID 4624, /var/log/utmp, or /var/log/wmtp)Application Log Content (Application Log)
Logging, messaging, and other artifacts provided by third-party services (ex: metrics, errors, and/or alerts from mail/web applications)Sigma Detections for this Technique
SP800-53 Controls
See which controls can help protect against this MITRE ATT&CK technique. This is based on mappings to associated SP800-53 controls produced by the MITRE Engenuity Center for Threat-Informed Defense.