Data Destruction
Delete / corrupt / brick data or systems — wiper-style malware, selfdestruct, irreversible deletes.
§ Where this technique fits
T1485 is catalogued under the Impact tactic of the offensive-security kill-chain. It appears in 4 approved dossiers in the registry, typically at step 5 on average.
Authoritative reference: attack.mitre.org/techniques/T1485/.
§ Dossiers chaining this technique
- step 3 / 4
Uninitialised UUPS proxy implementation → brick contracts
UUPS upgradeable contracts must initialise the implementation contract itself. If skipped, anyone can call `initialise()` and become its owner — then call `selfdestruct` to brick every proxy referencing it (Parity Multisig 2017).
- step 5 / 5
ERC-4337 paymaster sponsor drain
A paymaster sponsors all UserOperations without per-user gas accounting. Spam tiny UserOps from many bundled addresses — paymaster pays the gas until its deposit hits zero.
- step 6 / 6
Industroyer2 IEC-104 substation hijack
Timed payload speaks IEC-60870-5-104 to substation RTUs at attacker-chosen hour; sends 'open breaker' commands across a substation, blackouts a grid section.
- step 6 / 6
Trusted updater hijack → wormable destructive payload (NotPetya / M.E.Doc)
Compromise a niche third-party vendor (regional tax software, niche industry tooling). Push a malicious update; every customer auto-installs it. Payload spreads via SMB + Mimikatz, wipes drives.
§ What commonly comes next
- 01Data Encrypted for Impactseen 1×T1486 · Impact