ATT&CK 기법 · Credential Access

Unsecured Credentials T1552

이 기법을 다룬 REVELARE 한국어 위협 분석 2편 · Credential Access

이 기법을 다룬 분석

쿠팡 해킹 원인 분석: 퇴직자 JWT 키와 순차 ID 취약점이 만든 5개월 탐지 불가

CVE-2026-48558: SimpleHelp CVSS 10 인증 우회, 1만 4천 서버에 Djinn 스틸러 배포

MITRE 공식 정의

Adversaries may search compromised systems to find and obtain insecurely stored credentials. These credentials can be stored and/or misplaced in many locations on a system, including plaintext files (e.g. [Shell History](https://attack.mitre.org/techniques/T1552/003)), operating system or application-specific repositories (e.g. [Credentials in Registry](https://attack.mitre.org/techniques/T1552/002)), or other specialized files/artifacts (e.g. [Private Keys](https://attack.m…

attack.mitre.org ↗ATT&CK 매트릭스

플랫폼: Windows, SaaS, IaaS, Linux, macOS, Containers, Network Devices, Office Suite, Identity Provider