Supporting the National Cyber Strategy: How TrendAI™ Helps

MITRE Techniques

• [T1580 ] Acquire Infrastructure – Threat actors are described as operating campaigns supported by tooling and infrastructure to target U.S. interests (‘track and profile nation-state and cybercriminal groups … providing agencies with the context they need to understand who is targeting them, how, and why’).
• [T1210 ] Exploitation of Remote Services – The article discusses disrupting adversary campaigns early across networks and cloud environments before objectives are achieved (‘identify and disrupt adversary campaigns earlier in the kill chain’).
• [T1068 ] Exploitation for Privilege Escalation – Vulnerability discovery and virtual patching are discussed as ways to stop exploitation of exposed systems (‘discover and disclose vulnerabilities before adversaries can weaponize them’ and ‘shielding vulnerable legacy systems from exploitation’).
• [T1057 ] Process Discovery – The platform correlates signals across endpoints, servers, cloud workloads, and networks to detect attack activity (‘correlate threat data across the entire attack surface’).
• [T1047 ] Windows Management Instrumentation – The article references fileless attacks, which often rely on built-in system tools for stealth (‘machine learning models identify novel malware variants and fileless attacks’).
• [T1105 ] Ingress Tool Transfer – The text mentions adversaries weaponizing vulnerabilities and using tooling to conduct campaigns (‘before adversaries can weaponize them’ and ‘tooling and infrastructure’).
• [T1566 ] Phishing – Email security is included in the detection and response stack, indicating defense against email-borne intrusion paths (‘correlate threat data across … email’).
• [T1190 ] Exploit Public-Facing Application – The legacy system protection and vulnerability management discussion implies exploitation of exposed systems (‘shielding vulnerable legacy systems from exploitation’).