T1496
Resource Hijacking
Adversaries may leverage the resources of co-opted systems to complete resource-intensive tasks, which may impact system and/or hosted service availability.
Resource hijacking may take a number of different forms. For example, adversaries may:
- Leverage compute resources in order to mine cryptocurrency
- Sell network bandwidth to proxy networks
- Generate SMS traffic for profit
- Abuse cloud-based messaging services to send large quantities of spam messages
In some cases, adversaries may leverage multiple types of Resource Hijacking at once. (Citation: Sysdig Cryptojacking Proxyjacking 2023)
Atomic Tests
- Atomic Test #1 - FreeBSD/macOS/Linux - Simulate CPU Load with Yes
- Atomic Test #2 - Windows - Simulate CPU Load with PowerShell
Atomic Test #1 - FreeBSD/macOS/Linux - Simulate CPU Load with Yes
This test simulates a high CPU load as you might observe during cryptojacking attacks. End the test by using CTRL/CMD+C to break.
Supported Platforms: Linux, macOS
auto_generated_guid: 904a5a0e-fb02-490d-9f8d-0e256eb37549
Attack Commands: Run with sh!
```sh
yes > /dev/null
```

Atomic Test #2 - Windows - Simulate CPU Load with PowerShell
This test simulates high CPU load using PowerShell, commonly seen in resource hijacking. Spawns background jobs to stress CPU cores for a specified duration.
Supported Platforms: Windows
auto_generated_guid: 44315fb0-f78d-4cef-b10f-cf21c1fe2c75
Inputs:
| Name | Description | Type | Default Value |
|---|---|---|---|
| duration_seconds | Duration in seconds to run the CPU stress test | integer | 30 |
| cpu_threads | Number of threads to stress (default 4) | integer | 4 |
Attack Commands: Run with powershell!
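```powershell
# Stop time shared by every worker job; #{...} placeholders are filled from the Inputs table before execution
$end = (Get-Date).AddSeconds(#{duration_seconds})
# Start one busy-loop background job per requested thread
1..#{cpu_threads} | ForEach-Object { Start-Job { param($t) while((Get-Date) -lt $t) { $i=0; while($i -lt 200000){$i++} } } -ArgumentList $end }
# Wait for the jobs to finish, then remove them from the session
Get-Job | Wait-Job | Remove-Job
```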
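
To check that Atomic Test #1 is visible to monitoring, the following added example (not part of the Atomic Red Team project) flags processes that stay near 100% of one core across consecutive samples of Linux `/proc/<pid>/stat`. The function names, the 0.9 threshold, the three-interval window and the sample lines are assumptions chosen for illustration.

```python
"""Flag processes that stay near 100% of one core across consecutive samples."""

def parse_stat(line):
    """Parse one /proc/<pid>/stat line -> (pid, comm, utime + stime in clock ticks)."""
    # comm may contain spaces or parentheses, so split on the first '(' and LAST ')'.
    lpar, rpar = line.index("("), line.rindex(")")
    pid = int(line[:lpar])
    comm = line[lpar + 1:rpar]
    rest = line[rpar + 1:].split()  # rest[0] is field 3 (state)
    return pid, comm, int(rest[11]) + int(rest[12])  # fields 14 (utime), 15 (stime)

def sustained_cpu(snapshots, interval_s, clk_tck=100, threshold=0.9, min_intervals=3):
    """Return sorted (pid, comm) pairs that used >= threshold of one core
    for min_intervals consecutive sampling intervals."""
    prev, streak, flagged = {}, {}, {}
    for snap in snapshots:
        cur = {}
        for line in snap:
            pid, comm, ticks = parse_stat(line)
            cur[pid] = (comm, ticks)
            # A changed comm is treated as PID reuse and restarts the streak.
            if pid in prev and prev[pid][0] == comm:
                frac = (ticks - prev[pid][1]) / (clk_tck * interval_s)
                streak[pid] = streak.get(pid, 0) + 1 if frac >= threshold else 0
                if streak[pid] >= min_intervals:
                    flagged[pid] = comm
            else:
                streak[pid] = 0
        prev = cur
    return sorted(flagged.items())

def _stat(pid, comm, utime, stime):
    # Constructed line in /proc/<pid>/stat layout (first 15 fields only).
    return f"{pid} ({comm}) R 1 {pid} {pid} 0 -1 4194304 0 0 0 0 {utime} {stime}"

# Constructed samples taken 5 s apart with CLK_TCK = 100 (not real telemetry).
SAMPLES = [
    [_stat(4242, "yes", u, s), _stat(900, "Web Content", v, 3)]
    for (u, s, v) in [(8, 2, 200), (380, 128, 205), (760, 247, 680), (1140, 366, 690)]
]

if __name__ == "__main__":
    print(sustained_cpu(SAMPLES, 5))
```

On a live host, feed it one list of `/proc/[0-9]*/stat` contents per sampling interval and take `clk_tck` from `getconf CLK_TCK`.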