Gather Victim Identity Information: Employee Names
Other sub-techniques of Gather Victim Identity Information (3)
ID | Name |
---|---|
.001 | Credentials |
.002 | Email Addresses |
.003 | Employee Names |
Adversaries may gather employee names that can be used during targeting. Employee names may be used to derive email addresses as well as to help guide other reconnaissance efforts and/or craft more-believable lures. Adversaries may easily gather employee names, since they may be readily available and exposed via online or other accessible data sets (ex: Social Media or Search Victim-Owned Websites).(Citation: OPM Leak) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: Search Open Websites/Domains or Phishing for Information), establishing operational resources (ex: Compromise Accounts), and/or initial access (ex: Phishing or Valid Accounts).
Procedure Examples
Name | Description |
---|---|
Kimsuky | Kimsuky has collected victim employee name information.(Citation: KISA Operation Muzabi) |
Sandworm Team | Sandworm Team's research of potential victim organizations included the identification and collection of employee information.(Citation: US District Court Indictment GRU Unit 74455 October 2020) |
Silent Librarian | Silent Librarian has collected lists of names for individuals from targeted organizations.(Citation: DOJ Iran Indictments March 2018) |
Mitigations
Mitigation | Description |
---|---|
Pre-compromise | This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques. |
Detection
Much of this activity may have a very high occurrence and associated false positive rate, as well as potentially taking place outside the visibility of the target organization, making detection difficult for defenders. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access.
References
- Cybersecurity Resource Center. (n.d.). CYBERSECURITY INCIDENTS. Retrieved October 20, 2020.
- KISA. (n.d.). Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi. Retrieved March 7, 2022.
- DOJ. (2018, March 23). U.S. v. Rafatnejad et al. Retrieved February 3, 2021.
- Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al. Retrieved November 25, 2020.
Related Risks
Risk | Links | |
---|---|---|
Disclosure of information about the organization's employees due to publication of information in open sources on the Internet (Confidentiality, Information disclosure, Unauthorized access) | | |
Disclosure of information about the IT infrastructure due to publication of information in open sources on the Internet (Confidentiality, Information disclosure) | | |