436/68 Friday, October 31, 2025

MITRE has announced the release of Version 18 of the ATT&CK Framework, the globally recognized database of adversarial tactics and techniques. The latest update introduces several major enhancements, most notably in the area of Detections, with the addition of two new object types: Detection Strategies, which define high-level approaches to threat detection, and Analytics, which provide platform-specific detection logic for defenders.
In the Enterprise domain, MITRE has added techniques reflecting modern infrastructure, including CI/CD pipelines, Kubernetes, and cloud databases, as well as behaviors related to ransomware preparation and threat actor intelligence collection, where attackers study threat intelligence to improve their own campaigns. The Cyber Threat Intelligence (CTI) section has also been expanded with new adversary groups, campaigns, and software associated with supply chain intrusions, cloud identity compromises, and attacks targeting virtualization and edge systems.
For Mobile, new techniques have been introduced to cover attacks exploiting the “Linked Devices” feature in Signal and WhatsApp, while the “Abuse Accessibility Features” technique—previously removed—has been reinstated.
In the ICS (Industrial Control Systems) domain, MITRE has added new assets, including Distributed Control System (DCS) controllers, firewalls, and switches, and refined existing asset descriptions. Additionally, MITRE announced the formation of the ATT&CK Advisory Council, a collaborative body that invites input directly from practitioners, government agencies, vendors, and academic institutions to help guide future framework development.
Source: https://www.securityweek.com/mitre-unveils-attck-v18-with-updates-to-detections-mobile-ics/
