MITRE ATT&CK Technique
Impact T1496
Description

Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability. Resource hijacking may take a number of different forms. For example, adversaries may: * Leverage compute resources in order to mine cryptocurrency * Sell network bandwidth to proxy networks * Generate SMS traffic for profit * Abuse cloud-based messaging services to send large quantities of spam messages In some cases, adversaries may leverage multiple types of Resource Hijacking at once.(Citation: Sysdig Cryptojacking Proxyjacking 2023)

Supported Platforms
Windows IaaS Linux macOS Containers SaaS
Created

April 29, 2026

Last Updated

April 29, 2026

STIX Data 
{'created': '2019-04-17T14:50:05.682Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may leverage the resources of co-opted systems to '
                'complete resource-intensive tasks, which may impact system '
                'and/or hosted service availability. \n'
                '\n'
                'Resource hijacking may take a number of different forms. For '
                'example, adversaries may:\n'
                '\n'
                '* Leverage compute resources in order to mine cryptocurrency\n'
                '* Sell network bandwidth to proxy networks\n'
                '* Generate SMS traffic for profit\n'
                '* Abuse cloud-based messaging services to send large '
                'quantities of spam messages\n'
                '\n'
                'In some cases, adversaries may leverage multiple types of '
                'Resource Hijacking at once.(Citation: Sysdig Cryptojacking '
                'Proxyjacking 2023)',
 'external_references': [{'external_id': 'T1496',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1496'},
                         {'description': 'Miguel Hernandez. (2023, August 17). '
                                         'LABRAT: Stealthy Cryptojacking and '
                                         'Proxyjacking Campaign Targeting '
                                         'GitLab . Retrieved September 25, '
                                         '2024.',
                          'source_name': 'Sysdig Cryptojacking Proxyjacking '
                                         '2023',
                          'url': 'https://sysdig.com/blog/labrat-cryptojacking-proxyjacking-campaign/'}],
 'id': 'attack-pattern--cd25c1b4-935c-4f0e-ba8d-552f28bc4783',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'impact'}],
 'modified': '2025-10-24T17:49:24.276Z',
 'name': 'Resource Hijacking',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_contributors': ['David Fiser, @anu4is, Trend Micro',
                          'Alfredo Oliveira, Trend Micro',
                          'Jay Chen, Palo Alto Networks',
                          'Magno Logan, @magnologan, Trend Micro',
                          'Vishwas Manral, McAfee',
                          'Yossi Weizman, Azure Defender Research Team',
                          'Menachem Goldstein'],
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_impact_type': ['Availability'],
 'x_mitre_is_subtechnique': False,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['Windows',
                       'IaaS',
                       'Linux',
                       'macOS',
                       'Containers',
                       'SaaS'],
 'x_mitre_version': '2.0'}
Quick Actions
Edit TTP Update from Web
Back to TTPs
Dashboard About