T1199: Trusted Relationship

Adversaries may breach or otherwise leverage organizations who have access to intended victims. Access through trusted party relationship exploits an existing connection that may not be protected or receive less scrutiny that standard mechanisms of gaining access to a network.

Organizations often grant elevated access to second or third-party external providers in order to allow them to manage internal systems as well as cloud-based environments. Some examples of these relationships include IT services contractors, managed security providers, infrastructure contractors (e.g. HAVEC, elevators, physical security.) The third-party provider's access may be intended to be limited to the infrastructure being maintained, but may exist on the same network as the rest of the enterprise.