Adversaries may gather the victim's physical location(s) that can be used during targeting. Information about physical locations of a target organization may include a variety of details, including where key resources and infrastructure are housed. Physical locations may also indicate what legal jurisdiction and/or authorities the victim operates within.
Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Physical locations of a target organization may also be exposed to adversaries via online or other accessible data sets (ex: Search Victim-Owned Websites or Social Media).(Citation: ThreatPost Broadvoice Leak)(Citation: DOB Business Lookup) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: Phishing for Information or Search Open Websites/Domains), establishing operational resources (ex: Develop Capabilities or Obtain Capabilities), and/or initial access (ex: Phishing or Hardware Additions).
View in MITRE ATT&CK®Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
action.hacking.variety.Footprinting | Footprinting and fingerprinting | related-to | T1591.001 | Gather Victim Org Information: Determine Physical Locations |
value_chain.targeting.variety.Organizational Information | Information on an organization such as org chart, technologies in use, financial assets, etc, used to pick them as a target | related-to | T1591.001 | Gather Victim Org Information: Determine Physical Locations |
aws_security_hub | AWS Security Hub | technique_scores | T1591.001 | Determine Physical Locations |