An attack technique is a specific way an intruder gains access, hides activity, or keeps control inside a target environment. Techniques include phishing lures, malicious attachments, credential theft, privilege escalation, persistence mechanisms, and living-off-the-land commands that abuse legitimate tools.
This term matters because defenders do not stop threats by naming a campaign alone; they stop them by recognizing how the intrusion works. Tracking techniques helps security teams detect repeated behaviors, build better alerts, and map activity to frameworks such as MITRE ATT&CK. In real attacks, adversaries often update their techniques while keeping the same objective, which is why monitoring unusual logins, suspicious file handling, odd process chains, and unexpected network connections is so valuable in defense.
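An added example (not part of the original page) of tracking a technique instead of a campaign indicator: a rule over constructed process-creation events flags an office application spawning a script interpreter and tags it with an ATT&CK technique ID, while a hash blocklist misses the changed variant. The event field names, sample events, hash strings and rule table are assumptions made for illustration.

```python
# Behaviour-based vs. indicator-based matching on process-creation events.
# Field names and all sample values below are constructed for this example.

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

# (parent images, child images, ATT&CK technique ID, technique name)
RULES = [
    (OFFICE_APPS, INTERPRETERS, "T1059", "Command and Scripting Interpreter"),
]

# Indicator list tied to one known sample (placeholder value, not a real hash).
KNOWN_BAD_HASHES = {"constructed-hash-1"}

EVENTS = [
    # Known sample: caught by both the indicator and the behaviour rule.
    {"host": "ws-01", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "doc_hash": "constructed-hash-1"},
    # Changed file and tooling, same behaviour: only the technique rule fires.
    {"host": "ws-07", "parent": "excel.exe", "image": "wscript.exe",
     "doc_hash": "constructed-hash-2"},
    # Ordinary admin activity: interpreter started from the desktop shell.
    {"host": "ws-03", "parent": "explorer.exe", "image": "powershell.exe",
     "doc_hash": None},
]

def match_indicator(event):
    """True when the event carries a hash from the known-bad list."""
    return event.get("doc_hash") in KNOWN_BAD_HASHES

def match_technique(event):
    """Return ATT&CK IDs of every rule whose parent/child chain matches."""
    parent, child = event["parent"].lower(), event["image"].lower()
    return [tid for parents, children, tid, _name in RULES
            if parent in parents and child in children]

def triage(events):
    """Build one alert per event that hits an indicator or a technique rule."""
    alerts = []
    for event in events:
        techniques = match_technique(event)
        indicator = match_indicator(event)
        if techniques or indicator:
            alerts.append({"host": event["host"],
                           "indicator_hit": indicator,
                           "techniques": techniques})
    return alerts

if __name__ == "__main__":
    for alert in triage(EVENTS):
        print(alert)
```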



