Adversaries may gather email addresses that can be used during targeting. Even if internal instances exist, organizations may have public-facing email infrastructure and addresses for employees.
Adversaries may easily gather email addresses, since they may be readily available and exposed via online or other accessible data sets (ex: Social Media or Search Victim-Owned Websites).(Citation: HackersArise Email)(Citation: CNET Leaks) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: Search Open Websites/Domains or Phishing for Information), establishing operational resources (ex: Email Accounts), and/or initial access (ex: Phishing).
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| action.hacking.variety.Footprinting | Footprinting and fingerprinting | related-to | T1589.002 | Gather Victim Identity Information: Email Addresses |
| value_chain.targeting.variety.Email addresses | Email addresses | related-to | T1589.002 | Gather Victim Identity Information: Email Addresses |
| value_chain.targeting.variety.Personal Information | Information on individuals such as title, interests, physical location, etc, used to pick an organization as a target | related-to | T1589.002 | Gather Victim Identity Information: Email Addresses |
| aws_security_hub | AWS Security Hub | technique_scores | T1589.002 | Email Addresses |