Managed Services Evaluation 2025
Call for Participation

MITRE Engenuity is excited to open its Call for Participation for ATT&CK Evaluations Managed Services.

This third round of Managed Services evaluations, designed for managed security service providers (MSSP) and managed detection and response (MDR) competencies, will focus on cloud-based attacks, response and containment strategies, and post-incident analysis.

Make informed security decisions
MITRE Engenuity ATT&CK® Evaluations is your resource for understanding how security solution providers might protect your organization's unique needs against known adversaries.
menuPass + ALPHV BlackCat (2024)
Managed Services

Active since at least 2006, menuPass (aka APT10) is believed to be sponsored by the Chinese Ministry of State Security (MSS). The group focuses on the exfiltration of sensitive data such as intellectual property and business intelligence in support of Chinese national security objectives. menuPass has targeted the aerospace, construction, engineering, government, and telecommunications sectors primarily in the US, Europe, Japan, and other parts of Southeast Asia. This threat actor is known for orchestrating Operation Cloud Hopper, a global espionage campaign discovered in 2016 and 2017 that involved the sustained exploitation of MSPs. In December 2018, the US DOJ filed criminal charges against two menuPass members in connection to the group’s activities.

MSS-affiliated groups such as APT10 have demonstrated a pattern of exploiting targets on a much broader geographic scope than the groups sponsored by the People's Liberation Army (PLA), and are believed to be more likely to target the United States and regions outside of China’s direct sphere of influence. menuPass is known specifically for its use of living-off-the-land techniques, leveraging custom malware, utilizing fileless and anti-analysis tactics for defense evasion, and exploiting trusted third-party relationships for credential access. [1] [2] [3] [4] [5] [6] [7]

ALPHV BlackCat is a prolific ransomware-as-a-service (RaaS) operation that quickly gained notoriety after emerging in 2021. It offers affiliates a flexible ransomware strain written in Rust, enabling cross-platform targeting of Windows, Linux, and VMware systems. ALPHV BlackCat affiliates have targeted various industries including gaming and entertainment companies, manufacturing, construction, fashion, healthcare, government, engineering, retail, energy, transportation, telecommunication, education, and pharmaceuticals.

Versions of BlackCat exist for Windows and Linux (ESXi servers). While intrusions differ based on affiliate tradecraft, once deployed the ransomware impairs or disables system defenses and kills specific processes and services before employing sophisticated encryption capabilities. [1] [2] [3] [4] [5] [6] [7]

Our ATT&CK® Evaluations methodology
ATT&CK® Evaluations' mission is to bridge the gap between security solution providers and their users/customers by enabling users to better understand and defend against known adversary behaviors through a transparent evaluation process and publicly available results, leading to a more informed community and a safer world for all. We use adversary emulation to scope evaluations in the context of the MITRE ATT&CK® framework. The evaluations address today's threats by using tactics, tools, methods, and goals inspired by those of known attacks.
Techniques are executed in a logical step-by-step ordering to explore the breadth of ATT&CK coverage. And because adversaries may execute the same technique, but in very different ways, our evaluations use procedural variation to capture the same behavior via different methods to explore the depth of ATT&CK coverage.