T1114.002 Remote Email Collection Mappings

Adversaries may target an Exchange server, Office 365, or Google Workspace to collect sensitive information. Adversaries may leverage a user's credentials and interact directly with the Exchange server to acquire information from within a network. Adversaries may also access externally facing Exchange services, Office 365, or Google Workspace to access email using credentials or access tokens. Tools such as MailSniper can be used to automate searches for specific keywords.


Known Exploited Vulnerabilities Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
| --- | --- | --- | --- | --- | --- |
| CVE-2012-0767 | Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability | secondary_impact | T1114.002 | Remote Email Collection | |
Comments
This cross-site scripting vulnerability has been exploited in the wild by enticing a user to click on a link to a malicious website. The attacker can then impersonate the user and perform actions such as changing the user's settings on the website or accessing the user's webmail.