MITRE ATT&CK Evaluations Advance Cloud Security and Counter-Espionage Capabilities in Latest Round

McLean, Va., and Bedford, Mass., Dec. 10, 2025 (GLOBE NEWSWIRE) -- MITRE released the findings of its latest ATT&CK^® Evaluations (Evals) for enterprise cybersecurity solutions. The 2025 enterprise evaluations team led its first-ever cloud adversary emulation and addressed the sophisticated, multi-platform threats organizations face from both financially motivated cyber criminals and state-sponsored espionage groups.

“With the independent and objective assessment of enterprise cybersecurity solutions, organizations have valuable resources to determine which cybersecurity solutions best address their individual needs,” said Lex Crumpton, principal cybersecurity engineer and technical lead for ATT&CK Evals, MITRE. “Through the lens of the MITRE ATT&CK knowledge base, we emulated two distinct and highly relevant adversaries. Together, these adversary scenarios provided a comprehensive view of today's cyber landscape, testing defenses against identity abuse, cloud exploitation, and strategic espionage.”

The first scenario was inspired by Scattered Spider, a cybercriminal syndicate known for its aggressive use of social engineering, multi-factor authentication evasion, and rapid exploitation of cloud environments. This marks the first time ATT&CK Evaluations has tested cyber vendor capabilities against attacks originating and operating within cloud infrastructure. 

The second scenario featured Mustang Panda, a People’s Republic of China state-sponsored espionage group, to assess defenses against stealth, persistence, and custom malware used for long-term intrusion.

Also, for the first time, ATT&CK Evaluations incorporated the MITRE ATT&CK Reconnaissance tactic, enabling solutions to demonstrate their ability to detect adversary activity in the crucial early stages of an attack. This expansion provides defenders with critical insights into identifying threats before significant damage can occur.

The evaluation framework has been enhanced to place greater emphasis on protection, focusing on a solution's ability to block adversaries and contain threats in real time. The detection evaluation has been rebalanced to prioritize high-fidelity alerts that deliver actionable context for security operations teams, helping to reduce alert fatigue. 

The participants in this evaluation included Acronis, AhnLab, CrowdStrike, Cyberani, Cybereason, Cynet, ESET, Sophos, Trend Micro, WatchGuard, and WithSecure.
The evaluations do not rank vendors but provide objective, evidence-based results that enable organizations to determine which cybersecurity solutions fit their specific needs. Results are publicly available at https://evals.mitre.org/enterprise/er7. 

ABOUT MITRE ATT&CK EVALUATIONS
ATT&CK Evaluations is built on the backbone of MITRE's objective insight and conflict-free perspective. Cybersecurity vendors leverage the Evals program to enhance their offerings and to provide defenders with insights into their product's capabilities and performance. Evals empowers defenders to make better informed decisions on how to leverage the products that secure their networks. The program follows a rigorous, transparent methodology, using a collaborative, threat-informed, purple-teaming approach that brings together vendors and MITRE experts to evaluate solutions within the context of ATT&CK. All Evals results are public. https://evals.mitre.org/

Contact Info

Sarah Lytle
slytle@mitre.org
+1 703-639-7506

Legal Disclaimer:

EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.