T1213.005 Messaging Applications Mappings

Adversaries may leverage chat and messaging applications, such as Microsoft Teams, Google Chat, and Slack, to mine valuable information.

The following is a brief list of example information that may hold potential value to an adversary and may also be found on messaging applications:

  • Testing / development credentials (i.e., Chat Messages)
  • Source code snippets
  • Links to network shares and other internal resources
  • Proprietary data(Citation: Guardian Grand Theft Auto Leak 2022)
  • Discussions about ongoing incident response efforts(Citation: SC Magazine Ragnar Locker 2021)(Citation: Microsoft DEV-0537)

In addition to exfiltrating data from messaging applications, adversaries may leverage data from chat messages in order to improve their targeting - for example, by learning more about an environment or evading ongoing incident response efforts.(Citation: Sentinel Labs NullBulge 2024)(Citation: Permiso Scattered Spider 2023)

NIST 800-53 Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CA-07 | Continuous Monitoring | mitigates | T1213.005 | Messaging Applications | |
| CM-06 | Configuration Settings | mitigates | T1213.005 | Messaging Applications | |
| CM-05 | Access Restrictions for Change | mitigates | T1213.005 | Messaging Applications | |
| AC-17 | Remote Access | mitigates | T1213.005 | Messaging Applications | |
| IA-08 | Identification and Authentication (Non-Organizational Users) | mitigates | T1213.005 | Messaging Applications | |
| AC-21 | Information Sharing | mitigates | T1213.005 | Messaging Applications | |
| SC-37 | Out-of-band Channels | mitigates | T1213.005 | Messaging Applications | |
| AC-23 | Data Mining Protection | mitigates | T1213.005 | Messaging Applications | |
| IA-04 | Identifier Management | mitigates | T1213.005 | Messaging Applications | |
| SC-28 | Protection of Information at Rest | mitigates | T1213.005 | Messaging Applications | |
| SI-02 | Flaw Remediation | mitigates | T1213.005 | Messaging Applications | |
| RA-05 | Vulnerability Monitoring and Scanning | mitigates | T1213.005 | Messaging Applications | |
| CM-08 | System Component Inventory | mitigates | T1213.005 | Messaging Applications | |
| SI-07 | Software, Firmware, and Information Integrity | mitigates | T1213.005 | Messaging Applications | |
| AC-16 | Security and Privacy Attributes | mitigates | T1213.005 | Messaging Applications | |
| CM-02 | Baseline Configuration | mitigates | T1213.005 | Messaging Applications | |
| IA-02 | Identification and Authentication (Organizational Users) | mitigates | T1213.005 | Messaging Applications | |
| CM-07 | Least Functionality | mitigates | T1213.005 | Messaging Applications | |
| SI-04 | System Monitoring | mitigates | T1213.005 | Messaging Applications | |
| AC-02 | Account Management | mitigates | T1213.005 | Messaging Applications | |
| AC-03 | Access Enforcement | mitigates | T1213.005 | Messaging Applications | |
| AC-04 | Information Flow Enforcement | mitigates | T1213.005 | Messaging Applications | |
| AC-06 | Least Privilege | mitigates | T1213.005 | Messaging Applications | |
| CM-03 | Configuration Change Control | mitigates | T1213.005 | Messaging Applications | |

VERIS Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.malware.variety.Export data | Export data to another site or system | related-to | T1213.005 | Messaging Applications | |
| attribute.confidentiality.data_disclosure | None | related-to | T1213.005 | Messaging Applications | |

GCP Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| cloud_identity | Cloud Identity | technique_scores | T1213.005 | Messaging Applications | See comments below |

Comments
The access controls in Cloud Identity, such as MFA, can help to prevent an adversary from accessing internal software such as messaging tools, protecting customer data. However, if the adversary is able to access the system, Cloud Identity is not able to protect this data, leading to a score of partial.