Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| AC-16 | Security and Privacy Attributes | Protects | T1114 | Email Collection | |
| AC-17 | Remote Access | Protects | T1114 | Email Collection | |
| AC-19 | Access Control for Mobile Devices | Protects | T1114 | Email Collection | |
| AC-20 | Use of External Systems | Protects | T1114 | Email Collection | |
| AC-3 | Access Enforcement | Protects | T1114 | Email Collection | |
| AC-4 | Information Flow Enforcement | Protects | T1114 | Email Collection | |
| CM-2 | Baseline Configuration | Protects | T1114 | Email Collection | |
| CM-6 | Configuration Settings | Protects | T1114 | Email Collection | |
| IA-2 | Identification and Authentication (organizational Users) | Protects | T1114 | Email Collection | |
| IA-5 | Authenticator Management | Protects | T1114 | Email Collection |
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| action.malware.variety.Capture app data | Capture data from application or system process | related-to | T1114 | Email Collection |
Technique ID | Technique Name | Number of Mappings |
|---|---|---|
| T1114.003 | Email Forwarding Rule | 11 |
| T1114.001 | Local Email Collection | 9 |
| T1114.002 | Remote Email Collection | 14 |