ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK v9 adds container-related attack techniques, the result of a project conducted by MITRE’s Center for Threat-Informed Defense and sponsored by Microsoft, Citigroup and JPMorgan Chase.
There was debate over whether container techniques should be added at all, given that in the vast majority of observed cases they lead to cryptomining. However, malicious actors have also used containers for other purposes, including data harvesting and exfiltration. These incidents were determined to be “publicly under reported,” which is why the developers of the ATT&CK framework decided to include container-related techniques.