Introduction to MITRE's Latest Findings
On December 10, 2025, MITRE unveiled the results of its newest ATT&CK® Evaluations for enterprise cybersecurity solutions. This round marked a significant advancement in cybersecurity by introducing cloud adversary emulation, addressing complex threats from both financially driven cybercriminals and state-sponsored espionage.
Innovative Evaluation Methodology
Lex Crumpton, principal cybersecurity engineer and technical lead for ATT&CK Evals at MITRE, stated, “With the independent and objective assessment of enterprise cybersecurity solutions, organizations have valuable resources to determine which cybersecurity solutions best address their individual needs.”
This evaluation process utilized the MITRE ATT&CK knowledge base to emulate two distinct adversaries, providing a comprehensive analysis of current cyber threats, including identity abuse, cloud exploitation, and strategic espionage.
Adversary Scenarios Tested
- Scattered Spider: A cybercriminal syndicate known for aggressive social engineering, multi-factor authentication evasion, and rapid exploitation within cloud environments. This scenario marked the first evaluation of vendor capabilities against attacks executed in cloud architectures.
- Mustang Panda: A state-sponsored espionage group from the People's Republic of China. This scenario assessed defenses against stealth tactics, persistence, and custom malware employed for long-term intrusions.
Critical Enhancements in Evaluation Framework
This year's evaluations featured the integration of the MITRE ATT&CK Reconnaissance tactic, which allows cybersecurity solutions to showcase their ability to detect adversary activities in the crucial early stages of cyberattacks. This enhancement equips organizations with vital insights, enabling them to identify threats before serious damage occurs.
Furthermore, the evaluation framework has been refined to focus on a solution’s capacity to block adversaries and contain threats in real time. The detection evaluation was also adjusted to emphasize high-fidelity alerts that provide actionable context for security operations teams, helping to mitigate alert fatigue.
Participating Vendors and Evaluation Results
The participants in this round of evaluations included:
- Acronis
- AhnLab
- CrowdStrike
- Cyberani
- Cybereason
- Cynet
- ESET
- Sophos
- Trend Micro
- WatchGuard
- WithSecure
It is important to note that the evaluations do not rank the vendors but provide objective, evidence-based outcomes that help organizations determine the most suitable cybersecurity solutions for their needs. The detailed results are publicly accessible at MITRE ATT&CK Evaluations.
About MITRE ATT&CK Evaluations
The ATT&CK Evaluations are built on MITRE's commitment to providing objective insights and a conflict-free perspective in cybersecurity. Cybersecurity vendors utilize the Evals program to enhance their offerings and give defenders clarity on their products’ capabilities and performance.
The rigorous methodology behind ATT&CK Evaluations employs a collaborative, threat-informed, purple-teaming approach that unites vendors with MITRE experts to assess solutions within the ATT&CK framework. All evaluation results are made publicly available, ensuring transparency and accessibility for organizations seeking to secure their networks.