MITRE ATT&CK Technique
Defense Evasion T1108
Description

**This technique has been deprecated. Please use [Create Account](https://attack.mitre.org/techniques/T1136), [Web Shell](https://attack.mitre.org/techniques/T1505/003), and [External Remote Services](https://attack.mitre.org/techniques/T1133) where appropriate.**

Adversaries may use more than one remote access tool with varying command and control protocols or credentialed access to remote services so they can maintain access if an access mechanism is detected or mitigated.

If one type of tool is detected and blocked or removed as a response but the organization did not gain a full understanding of the adversary's tools and access, then the adversary will be able to retain access to the network. Adversaries may also attempt to gain access to [Valid Accounts](https://attack.mitre.org/techniques/T1078) to use [External Remote Services](https://attack.mitre.org/techniques/T1133) such as external VPNs as a way to maintain access despite interruptions to remote access tools deployed within a target network. (Citation: Mandiant APT1) Adversaries may also retain access through cloud-based infrastructure and applications.

Use of a [Web Shell](https://attack.mitre.org/techniques/T1100) is one such way to maintain access to a network through an externally accessible Web server.

Supported Platforms
Windows, SaaS, IaaS, Linux, macOS, Office Suite, Identity Provider
Created

April 29, 2026

Last Updated

April 29, 2026

STIX Data
{'created': '2017-05-31T21:31:18.867Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '**This technique has been deprecated. Please use [Create '
                'Account](https://attack.mitre.org/techniques/T1136), [Web '
                'Shell](https://attack.mitre.org/techniques/T1505/003), and '
                '[External Remote '
                'Services](https://attack.mitre.org/techniques/T1133) where '
                'appropriate.**\n'
                '\n'
                'Adversaries may use more than one remote access tool with '
                'varying command and control protocols or credentialed access '
                'to remote services so they can maintain access if an access '
                'mechanism is detected or mitigated. \n'
                '\n'
                'If one type of tool is detected and blocked or removed as a '
                'response but the organization did not gain a full '
                "understanding of the adversary's tools and access, then the "
                'adversary will be able to retain access to the network. '
                'Adversaries may also attempt to gain access to [Valid '
                'Accounts](https://attack.mitre.org/techniques/T1078) to use '
                '[External Remote '
                'Services](https://attack.mitre.org/techniques/T1133) such as '
                'external VPNs as a way to maintain access despite '
                'interruptions to remote access tools deployed within a target '
                'network.(Citation: Mandiant APT1) Adversaries may also retain '
                'access through cloud-based infrastructure and applications.\n'
                '\n'
                'Use of a [Web '
                'Shell](https://attack.mitre.org/techniques/T1100) is one such '
                'way to maintain access to a network through an externally '
                'accessible Web server.',
 'external_references': [{'external_id': 'T1108',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1108'},
                         {'description': 'Mandiant. (n.d.). APT1 Exposing One '
                                         'of China’s Cyber Espionage Units. '
                                         'Retrieved July 18, 2016.',
                          'source_name': 'Mandiant APT1',
                          'url': 'https://www.fireeye.com/content/dam/fireeye-www/services/pdfs/mandiant-apt1-report.pdf'}],
 'id': 'attack-pattern--6aabc5ec-eae6-422c-8311-38d45ee9838a',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'defense-evasion'},
                       {'kill_chain_name': 'mitre-attack',
                        'phase_name': 'persistence'}],
 'modified': '2025-10-24T17:48:54.749Z',
 'name': 'Redundant Access',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_contributors': ['Praetorian'],
 'x_mitre_deprecated': True,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': False,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Windows',
                       'SaaS',
                       'IaaS',
                       'Linux',
                       'macOS',
                       'Office Suite',
                       'Identity Provider'],
 'x_mitre_version': '3.2'}