T1621

Multi-Factor Authentication Request Generation

Adversaries may attempt to bypass multi-factor authentication (MFA) mechanisms and gain access to accounts by generating MFA requests sent to users. Adversaries in possession of credentials to [Valid Accounts](https://attack.mitre.org/techniques/T1078) may be unable to complete the login process if they lack access to the 2FA or MFA mechanisms required as an additional credential and security control. To circumvent this, adversaries may abuse the automatic generation of push notifications to MF...

WindowsLinuxmacOSIaaSSaaSOffice SuiteIdentity Provider

Detections

Sources

Threat Actors

BY SOURCE

18splunk_escu3elastic2sigma

PROCEDURES (12)

Privilege3 detections

Auto-extracted: 3 detections for privilege

Suspicious3 detections

Auto-extracted: 3 detections for suspicious

Credential2 detections

Auto-extracted: 2 detections for credential

Authentication Monitoring2 detections

Auto-extracted: 2 detections for authentication monitoring

Authentication Monitoring2 detections

Auto-extracted: 2 detections for authentication monitoring

Bypass2 detections

Auto-extracted: 2 detections for bypass

Bypass2 detections

Auto-extracted: 2 detections for bypass

Event Log1 detections

Auto-extracted: 1 detections for event log

Event Log1 detections

Auto-extracted: 1 detections for event log

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Script Execution Monitoring1 detections

Auto-extracted: 1 detections for script execution monitoring

Bypass1 detections

Auto-extracted: 1 detections for bypass

Multi-Factor Authentication Request Generation

BY SOURCE

PROCEDURES (12)

THREAT ACTORS (3)

DETECTIONS (23)