
Man-in-the-Middle Attack

MITRE ATT&CK layer: Credential Access

A Man-in-the-Middle (MitM) attack is a technique in which an attacker secretly intercepts, and potentially alters, communication between two parties who believe they are communicating directly with each other. It exploits weaknesses in network trust, encryption, or authentication rather than breaking systems outright.

How is Man-in-the-Middle Attack abused

Attackers position themselves between the user and the target service by abusing unsecured Wi-Fi networks, DNS spoofing, ARP poisoning, or compromised certificates. Once in the middle, the attacker captures credentials, session cookies, or sensitive data in transit, and can inject or modify traffic without either party being aware.
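As an added example (not part of the original page), here is a defender-side check for the ARP poisoning case mentioned above: it scans constructed ARP observations for an IP address whose MAC address changes and for a single MAC that starts answering for the gateway as well as other hosts. The addresses, the function name `detect_arp_anomalies` and the alert fields are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: (seconds, IP, MAC) taken from ARP replies on one LAN segment.
OBSERVATIONS = [
    (0,  "192.168.1.1",  "aa:aa:aa:00:00:01"),  # gateway, legitimate MAC
    (2,  "192.168.1.20", "bb:bb:bb:00:00:20"),
    (5,  "192.168.1.66", "cc:cc:cc:00:00:66"),
    (30, "192.168.1.1",  "cc:cc:cc:00:00:66"),  # gateway IP now claimed by .66's MAC
    (31, "192.168.1.20", "cc:cc:cc:00:00:66"),  # another host's IP claimed by the same MAC
    (60, "192.168.1.1",  "aa:aa:aa:00:00:01"),  # real gateway answers again
]

def detect_arp_anomalies(observations, gateway_ip):
    """Return alert tuples for IP-to-MAC rebinding and for a MAC that
    answers for the gateway IP plus at least one other IP."""
    ip_to_mac = {}                 # last MAC seen for each IP
    mac_to_ips = defaultdict(set)  # every IP each MAC has claimed so far
    alerts = []
    for ts, ip, mac in sorted(observations):
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        # A changed binding can be DHCP churn; for the gateway it is rarely benign.
        if previous is not None and previous != mac:
            severity = "high" if ip == gateway_ip else "medium"
            alerts.append((ts, severity, "rebind", ip, previous, mac))
        ip_to_mac[ip] = mac
        # Alert only when the MAC's set of claimed IPs grows, to avoid repeats.
        if ip not in mac_to_ips[mac]:
            mac_to_ips[mac].add(ip)
            claimed = mac_to_ips[mac]
            if gateway_ip in claimed and len(claimed) > 1:
                alerts.append((ts, "high", "mac-claims-gateway", ip, mac,
                               tuple(sorted(claimed))))
    return alerts

if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVATIONS, "192.168.1.1"):
        print(alert)
```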

Why Man-in-the-Middle Attack matters

A Man-in-the-Middle attack undermines the confidentiality and integrity of trusted communications. A single successful interception can lead to credential theft, session hijacking, data manipulation, or downstream account compromise across enterprise and SaaS environments, often without leaving obvious forensic traces.

Real-world example

Salt Typhoon

In 2024–2025, a state-linked threat group called Salt Typhoon executed a man-in-the-middle attack by compromising core network infrastructure within AT&T and Verizon. The attackers intercepted and monitored communications traffic and metadata in transit, positioning themselves directly between communicating parties. Operating inside trusted telecom networks allowed them to bypass traditional security controls, exposing communications at national and enterprise scale.
