ICS Impact consists of techniques adversaries use to disrupt, degrade, or destroy ICS operations and the physical processes they control. These can result in damage to property, loss of human safety, denial of control or view, loss of availability and productivity, and manipulation of physical processes. The consequences of ICS impact techniques can be severe, including environmental damage, equipment destruction, and threats to human life.
Tactic Overview
Tactic ID: TA0105 — Matrix: ICS — Techniques: 12
The Impact tactic represents a phase in the adversary lifecycle where the adversary is trying to manipulate, interrupt, or destroy your ICS systems, data, and their surrounding environment. This tactic is part of the MITRE ATT&CK ICS matrix and encompasses 12 known techniques that adversaries employ during this phase of an attack.
Understanding this tactic is critical for defenders to build effective detection strategies and implement appropriate countermeasures. Organizations should map their security controls against each technique to identify coverage gaps and prioritize defensive investments.
Techniques (12)
The following techniques are categorized under the Impact tactic in the MITRE ATT&CK ICS matrix:
| Technique ID | Name | Description | MITRE Reference |
|---|---|---|---|
T0879 | Damage to Property | Adversaries cause physical damage to equipment and property through manipulation of ICS processes beyond safe operating limits. | T0879 |
T0813 | Denial of Control | Adversaries prevent operators from controlling physical processes, removing the ability to manage and correct process behavior. | T0813 |
T0815 | Denial of View | Adversaries prevent operators from viewing process data, blinding them to the current state of physical operations. | T0815 |
T0826 | Loss of Availability | Adversaries disrupt the availability of ICS systems, preventing normal operation of industrial processes. | T0826 |
T0827 | Loss of Control | Adversaries cause loss of control over physical processes, where operators cannot issue commands or receive feedback. | T0827 |
T0828 | Loss of Productivity and Revenue | Adversaries disrupt industrial operations to cause financial losses through production downtime and recovery costs. | T0828 |
T0837 | Loss of Protection | Adversaries disable safety protections, leaving physical processes vulnerable to dangerous operating conditions. | T0837 |
T0880 | Loss of Safety | Adversaries create unsafe conditions by compromising safety systems, potentially endangering human life. | T0880 |
T0829 | Loss of View | Adversaries eliminate operator visibility into physical process state, preventing situational awareness. | T0829 |
T0831 | Manipulation of Control | Adversaries manipulate the control of physical processes to cause desired physical effects (e.g., opening valves, changing speeds). | T0831 |
T0832 | Manipulation of View | Adversaries manipulate operator displays to show false process data, hiding malicious physical process changes. | T0832 |
T0882 | Theft of Operational Information | Adversaries steal operational information including process designs, proprietary data, and production parameters. | T0882 |
Detection & Mitigation
Organizations should implement layered defenses addressing each technique within this tactic. Below are key mitigation strategies recommended by Mjolnir Security analysts.
Key Mitigations
- Business continuity planning
- Safety instrumented systems
- Physical process safety controls
- Disaster recovery procedures
- Independent monitoring systems
Detection Strategies
Effective detection of Impact techniques requires a combination of log analysis, behavioral monitoring, and threat intelligence correlation. Security teams should focus on establishing baselines for normal activity and alerting on deviations that may indicate adversary behavior aligned with this tactic.
- SIEM Integration: Correlate events across multiple data sources to detect technique patterns
- Behavioral Analytics: Deploy UEBA solutions to identify anomalous activity indicative of this tactic
- Threat Hunting: Proactively search for indicators of techniques within this tactic using hypothesis-driven investigations
- Purple Teaming: Regularly test detection coverage by simulating techniques from this tactic
Associated Threat Actors
The following threat actors are known to heavily leverage techniques from the Impact tactic:
For comprehensive threat actor profiles, visit the APT Groups Hub.
Resources & References
Defend Against Impact Techniques
Mjolnir Security provides expert threat intelligence, purple team exercises, and detection engineering services to help organizations defend against adversary tactics mapped to the MITRE ATT&CK framework.
Stay updated on MITRE ATT&CK developments and threat intelligence insights.
View All Reports →Written by Mjolnir Security Research — Published March 7, 2026