T1589.002 Email Addresses Mappings

Adversaries may gather email addresses that can be used during targeting. Even if internal instances exist, organizations may have public-facing email infrastructure and addresses for employees.

Adversaries may easily gather email addresses, since they may be readily available and exposed via online or other accessible data sets (ex: Social Media or Search Victim-Owned Websites).(Citation: HackersArise Email)(Citation: CNET Leaks) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: Search Open Websites/Domains or Phishing for Information), establishing operational resources (ex: Email Accounts), and/or initial access (ex: Phishing).

View in MITRE ATT&CK®

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.hacking.variety.Footprinting Footprinting and fingerprinting related-to T1589.002 Gather Victim Identity Information: Email Addresses
value_chain.targeting.variety.Email addresses Email addresses related-to T1589.002 Gather Victim Identity Information: Email Addresses
value_chain.targeting.variety.Personal Information Information on individuals such as title, interests, physical location, etc, used to pick an organization as a target related-to T1589.002 Gather Victim Identity Information: Email Addresses
aws_security_hub AWS Security Hub technique_scores T1589.002 Email Addresses