Clankerusecase
Threat-actor profile

🌐Threat Group-1314

🌐 Threat Group-1314 is a tracked threat actor in the Clankerusecase corpus. ??-aligned. Primary motivation: Unknown. We map 14 detection use cases to this actor across 4 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

14 Use cases
0 Articles
4 Techniques
0 IOCs

About this actor (MITRE)

[Threat Group-1314](https://attack.mitre.org/groups/G0028) is an unattributed threat group that has used compromised credentials to log into a victim's remote access infrastructure. (Citation: Dell TG-1314)

Known aliases

Threat Group-1314, TG-1314


Detection use cases (14)

- TG-1314 mass tooling push via abused enterprise deployment agents (SCCM/Altiris/Kaseya/LANDesk/Tanium) (AI · profile, SΣ)
- TG-1314 single-credential SMB fan-out from compromised remote-access infrastructure (AI · profile, S)
- Developer/Data-tooling Daemon Spawns Shell Child Seconds After POST to Runner/Exec Endpoint (MITRE match)
- Server / AI-agent process spawns shell or LOLBIN with public egress — post-RCE behavioural chain (MITRE match)
- Service-process parent spawns subprocess containing CLI-argument-injection tokens (MITRE match)
- Remote service execution — PsExec / SMB lateral movement (MITRE match)
- CMD Carry Out String Command Parameter (MITRE match)
- CMD Echo Pipe - Escalation (MITRE match)
- Detect Excessive Account Lockouts From Endpoint (MITRE match)
- Detect Prohibited Applications Spawning cmd exe (MITRE match)
- Detect PsExec With accepteula Flag (MITRE match)
- Detection of tools built by NirSoft (MITRE match)
- Executable File Written in Administrative SMB Share (MITRE match)
- Impacket Lateral Movement Commandline Parameters (MITRE match)