MITRE ATT&CK® Matrix
ICS ATT&CK Matrix
A Glexia-styled visualization of ATT&CK tactics and techniques. This is not the MITRE Navigator UI and does not imply MITRE endorsement.
Collection
11 techniques
T0801 Monitor Process State None T0802 Automated Collection None T0811 Data from Information Repositories None T0830 Adversary-in-the-Middle None T0845 Program Upload None T0852 Screen Capture None T0861 Point & Tag Identification None T0868 Detect Operating Mode None T0877 I/O Image None T0887 Wireless Sniffing None T0893 Data from Local System None
Command and Control
3 techniques
Discovery
8 techniques
Evasion
9 techniques
Execution
10 techniques
Impact
12 techniques
T0813 Denial of Control None T0815 Denial of View None T0826 Loss of Availability None T0827 Loss of Control None T0828 Loss of Productivity and Revenue None T0829 Loss of View None T0831 Manipulation of Control None T0832 Manipulation of View None T0837 Loss of Protection None T0879 Damage to Property None T0880 Loss of Safety None T0882 Theft of Operational Information None
Impair Process Control
8 techniques
Inhibit Response Function
20 techniques
T0800 Activate Firmware Update Mode None T0809 Data Destruction None T0814 Denial of Service None T0816 Device Restart/Shutdown None T0835 Manipulate I/O Image None T0838 Modify Alarm Settings None T0851 Rootkit None T0878 Alarm Suppression None T0881 Service Stop None T0892 Change Credential None T1691 Block Operational Technology Message ICS T1691.001 Command Message ICS T1691.002 Reporting Message ICS T1693 Modify Firmware ICS T1693.001 System Firmware ICS T1693.002 Module Firmware ICS T1695 Block Communications ICS T1695.001 Serial COM ICS T1695.002 Ethernet ICS T1695.003 Wi-Fi ICS
Initial Access
12 techniques
T0817 Drive-by Compromise None T0819 Exploit Public-Facing Application None T0822 External Remote Services None T0847 Replication Through Removable Media None T0848 Rogue Master None T0860 Wireless Compromise None T0862 Supply Chain Compromise None T0864 Transient Cyber Asset None T0865 Spearphishing Attachment None T0866 Exploitation of Remote Services None T0883 Internet Accessible Device None T0886 Remote Services None
Lateral Movement
11 techniques
T0843 Program Download None T0843.001 Download All ICS T0843.002 Online Edit ICS T0843.003 Program Append ICS T0859 Valid Accounts None T0866 Exploitation of Remote Services None T0867 Lateral Tool Transfer None T0886 Remote Services None T1694 Insecure Credentials ICS T1694.001 Default Credentials ICS T1694.002 Hardcoded Credentials ICS
Persistence
10 techniques
T0859 Valid Accounts None T0873 Project File Infection None T0873.001 Siemens Project File Format ICS T0889 Modify Program None T1693 Modify Firmware ICS T1693.001 System Firmware ICS T1693.002 Module Firmware ICS T1694 Insecure Credentials ICS T1694.001 Default Credentials ICS T1694.002 Hardcoded Credentials ICS
Privilege Escalation
2 techniques
Exports
Structured JSON, CSV, and Navigator-layer export generation will use the normalized reference records after full sync. The current page is intentionally lightweight and source-backed.
Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.