Runtime Data Manipulation

Runtime Data Manipulation is a subtechnique within the Data Manipulation technique under the Impact tactic, where adversaries alter data within running applications to disrupt business operations or decision-making processes. Unlike persistent data manipulation, runtime modifications affect only the in-memory state of applications without changing the underlying stored data, making these manipulations temporary and often undetectable through file integrity monitoring. Attackers typically achieve this by exploiting memory injection vulnerabilities, leveraging API hooking, or utilizing debugging interfaces to modify critical application variables, object properties, or data structures during execution. This can manifest as altered transaction details in financial systems, manipulated readings in industrial control systems, or falsified information in dashboards and reports. The ephemeral nature of these changes makes them particularly dangerous, as they may influence critical decisions before the application is restarted or data is refreshed from persistent storage, while leaving minimal forensic evidence of the manipulation.