Common Information
| Type | Value |
|---|---|
| Value |
Email Addresses - T1589.002 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may gather email addresses that can be used during targeting. Even if internal instances exist, organizations may have public-facing email infrastructure and addresses for employees. Adversaries may easily gather email addresses, since they may be readily available and exposed via online or other accessible data sets (ex: [Social Media](https://attack.mitre.org/techniques/T1593/001) or [Search Victim-Owned Websites](https://attack.mitre.org/techniques/T1594)).(Citation: HackersArise Email)(Citation: CNET Leaks) Email addresses could also be enumerated via more active means (i.e. [Active Scanning](https://attack.mitre.org/techniques/T1595)), such as probing and analyzing responses from authentication services that may reveal valid usernames in a system.(Citation: GrimBlog UsernameEnum) For example, adversaries may be able to enumerate email addresses in Office 365 environments by querying a variety of publicly available API endpoints, such as autodiscover and GetCredentialType.(Citation: GitHub Office 365 User Enumeration)(Citation: Azure Active Directory Reconnaisance) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593) or [Phishing for Information](https://attack.mitre.org/techniques/T1598)), establishing operational resources (ex: [Email Accounts](https://attack.mitre.org/techniques/T1586/002)), and/or initial access (ex: [Phishing](https://attack.mitre.org/techniques/T1566) or [Brute Force](https://attack.mitre.org/techniques/T1110) via [External Remote Services](https://attack.mitre.org/techniques/T1133)). |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2024-11-05 | 4 | The Credential Abuse Cycle: Theft, Trade, and Exploitation - ReliaQuest | ||
| Details | Website | 2024-11-05 | 1 | Schneider Electric Confirms Breach, Threat Actor Claims to Steal 40GB of Data - CloudSEK News | ||
| Details | Website | 2024-11-05 | 7 | Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare - CyberSRC | ||
| Details | Website | 2024-11-05 | 0 | Z-lib - 9,737,374 breached accounts - RedPacket Security | ||
| Details | Website | 2024-11-05 | 1 | Strategies For Marketing Advanced VPN Services | ||
| Details | Website | 2024-11-05 | 2 | How to Defend Against Alleged Snowflake Attacker ‘Judische’ | ||
| Details | Website | 2024-11-04 | 1004 | US-CERT Vulnerability Summary for the Week of October 28, 2024 - RedPacket Security | ||
| Details | Website | 2024-11-04 | 0 | Nigerian man sentenced to 26+ years in real estate phishing scams | #cybercrime | #infosec | National Cyber Security Consulting | ||
| Details | Website | 2024-11-04 | 0 | Nigerian man sentenced to 26+ years in real estate phishing scams | ||
| Details | Website | 2024-11-04 | 3 | Massive Midnight Blizzard Phishing Attack Using Weaponized RDP Files | ||
| Details | Website | 2024-11-04 | 3 | Cyble Warns of Escalating Cyber Risks in IoT and WordPress Plugins Amid Phishing Surge | ||
| Details | Website | 2024-11-04 | 6 | Essential Cyber Intel Brief: 11/04/2024 | ||
| Details | Website | 2024-11-04 | 1 | Threat Actors Allegedly Claiming Leak of Dell Partner Portal Data | ||
| Details | Website | 2024-11-04 | 0 | Gmail Security Challenges Amid Rising Phishing Scams - Cybersecurity Insiders | ||
| Details | Website | 2024-11-04 | 0 | Schneider Electric confirms dev platform breach after hacker steals data | ||
| Details | Website | 2024-11-04 | 1 | DocuSign's Envelopes API abused to send realistic fake invoices | ||
| Details | Website | 2024-11-04 | 2 | Nintendo Warns Gamers to Avoid Clicking Links in Spoofed Emails | ||
| Details | Website | 2024-11-03 | 1 | Dark Web Monitor: Features And Benefits | ||
| Details | Website | 2024-11-03 | 0 | The Ultimate Guide to Stay Anonymous Online — Tools and Techniques for Staying Untraceable | ||
| Details | Website | 2024-11-03 | 0 | Cybersecurity 101: A Beginner’s Guide to Protecting Yourself Online 🔒 | ||
| Details | Website | 2024-11-03 | 1 | Setting Up Two-factor Authentication In Outlook | ||
| Details | Website | 2024-11-03 | 2 | How to Search like a Hacker and earn $$$ | ||
| Details | Website | 2024-11-03 | 2 | Phishing Simplified. | ||
| Details | Website | 2024-11-03 | 0 | How Do I Make Sure I am Safe on the Internet?: Smart Tips & Tricks | ||
| Details | Website | 2024-11-02 | 0 | Phishing Attacks: Navigating the Waters of Cyber Deception |