2022 MITRE ATT&CK Engenuity Results

The 2022 MITRE ATT&CK Engenuity results have just been released and vendors are now sharing how they performed. In this blog post, we help you to cut through the marketing noise and read about the key statistics from the tests.


What are MITRE Engenuity ATT&CK Evaluations?

MITRE Engenuity evaluates cyber security products using an open methodology based on the ATT&CK knowledge base. It is a great way to get visibility into different vendors, and how they actually perform against real-world scenarios.


Goals of the evaluation:

  • Empower end-users with objective insights into how to use specific commercial security products to detect known adversary behaviours.

  • Provide transparency around the true capabilities of security products and services to detect known adversary behaviours.

  • Drive the security vendor community to enhance their capability to detect known adversary behaviours.

What is tested?

This year’s MITRE Engenuity ATT&CK evaluations emulated two threat groups, Wizard Spider and Sandworm.

  • Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since at least August 2018 against a variety of organisations, ranging from major corporations to hospitals.

  • Sandworm Team is a destructive Russian threat group that has been attributed to Russian GRU Unit 74455 by the US Department of Justice and the UK National Cyber Security Centre. Sandworm Team's most notable attacks include the 2015 and 2016 targeting of Ukrainian electrical companies and 2017's NotPetya attacks. Sandworm Team has been active since at least 2009.

Both threat groups abuse Data Encrypted for Impact.


Who participated?