Insider Threat Matrix™Insider Threat Matrix™
  • ID: IF039.004
  • Created: 07th July 2026
  • Updated: 07th July 2026
  • MITRE ATT&CK®: T1078T1078.001T1078.002T1078.003T1078.004
  • Contributor: The ITM Team

Illicit Access to a Privileged Account

A subject accesses or uses a privileged, administrative, or elevated account without being assigned, delegated, approved, or authorized to use that account. This may include domain administrator accounts, local administrator accounts, cloud administrator roles, database administrator accounts, security tool administrator accounts, root accounts, break-glass accounts, or other identities with elevated system or data access.

 

This behavior may involve the subject independently obtaining or using privileged credentials, administrative tokens, active sessions, SSH keys, emergency access material, privileged access management credentials, or other elevated authentication mechanisms. The defining behavior is that the subject performs activity through a privileged account that has not been authorized for their use.