Telco Security

MOTIF Attack Matrix

Mobile Threat Intelligence Framework - Comprehensive attack taxonomy for telecommunications security

About MOTIF
Understanding the Mobile Threat Intelligence Framework

The MOTIF (Mobile Threat Intelligence Framework) is a comprehensive knowledge base of adversary tactics and techniques based on real-world observations of attacks against mobile telecommunications networks. Similar to MITRE ATT&CK, MOTIF provides a structured approach to understanding and defending against mobile network threats.

14

Tactics

50+

Techniques

4

Network Generations

3

Attack Tools

Attack Tactics

Reconnaissance
Gathering information to plan future operations
MOTA3001

Monitor Radio Interface

MOT3001

2G3G4G

Gather Victim Identity Information

MOT1589

2G3G4G5G-SA

Search Closed Sources

MOT1597

2G3G4G5G-SA

Search Open Websites/Domains

MOT1593

2G3G4G5G-SA
Resource Development
Establishing resources to support operations
MOTA3002

Acquire Infrastructure

MOT1583

2G3G4G

Develop Capabilities

MOT1587

2G3G4G5G-SA
Initial Access
Getting into the target network
MOTA3003

Exploit Interconnection Link

MOT3002

2G3G4G

Exploit via Core Signalling Interface

MOT3003

2G3G4G5G-SA

Exploit via Radio Interface

MOT3006

2G3G4G

Trusted Relationship

MOT1199

2G3G4G

Supply Chain Compromise

MOT1195

2G3G4G5G-SA
Persistence
Maintaining foothold in the network
MOTA3005

Adversary-in-the-Middle

MOT1557

2G3G4G
Defense Evasion
Avoiding detection by security systems
MOTA3007

Masquerading

MOT1036

2G3G4G

Disguise Signalling Messages

MOT3005

2G3G4G
Credential Access
Stealing account credentials
MOTA3008

Access Subscriber Data

MOT3004

2G3G4G

Exploitation for Credential Access

MOT1212

5G-SA
Discovery
Exploring the network environment
MOTA3009

Network Service Scanning

MOT1046

2G3G4G

Identify Subscriber

MOT5019

2G3G4G

Network Function Service Discovery

MOT5003

5G-SA
Collection
Gathering data of interest
MOTA3011

Identify Subscriber

MOT5019

2G3G4G

Access Subscriber Data

MOT3004

2G3G4G

Network Sniffing

MOT1040

2G3G4G

Locate Subscriber

MOT5012

2G3G4G
Impact
Manipulating or destroying systems and data
MOTA3014

Data Manipulation

MOT1565

5G-SA

Attack Software

Passive False Base Station
IMSI catcher for passive attacks over radio interface
MOS3001

Associated Techniques:

MOT3001.301MOT5019.301MOT1040.501
Active False Base Station
Rogue base station for active attacks
MOS3002

Associated Techniques:

MOT1477.301MOT1477.303MOT1477.302MOT1036.301
MiTM False Base Station
Full active attacks with man-in-the-middle capabilities
MOS3003

Associated Techniques:

MOT1477.302MOT1557.301
Network Generation Coverage
Attack applicability across mobile network generations

2G

Active Threats

Demonstrated

3G

Active Threats

Demonstrated

4G

Active Threats

Demonstrated

5G-SA

Emerging Threats

Theoretical
MOTIF Use Cases
Practical applications of the framework

Threat Intelligence

Map observed attacks to MOTIF tactics and techniques for better threat understanding and communication

Security Assessment

Use MOTIF as a checklist to evaluate network security posture and identify gaps in defenses

Red Team Operations

Plan and execute realistic attack scenarios based on documented tactics and techniques

Defense Strategy

Develop comprehensive defense strategies by understanding the full attack lifecycle

Related Resources

SS7 Attacks

Detailed SS7 attack vectors and defenses

Testing Methodology

Professional security testing procedures

Case Studies

Real-world attack incidents and analysis