Common Information
Type Value
Value
Credentials - T1589.001
Category Attack-Pattern
Type Mitre-Attack-Pattern
Misp Type Cluster
Description Adversaries may gather credentials that can be used during targeting. Account credentials gathered by adversaries may be those directly associated with the target victim organization or attempt to take advantage of the tendency for users to use the same passwords across personal and business accounts. Adversaries may gather credentials from potential victims in various ways, such as direct elicitation via [Phishing for Information](https://attack.mitre.org/techniques/T1598). Adversaries may also compromise sites then add malicious content designed to collect website authentication cookies from visitors.(Citation: ATT ScanBox) Credential information may also be exposed to adversaries via leaks to online or other accessible data sets (ex: [Search Engines](https://attack.mitre.org/techniques/T1593/002), breach dumps, code repositories, etc.).(Citation: Register Deloitte)(Citation: Register Uber)(Citation: Detectify Slack Tokens)(Citation: Forbes GitHub Creds)(Citation: GitHub truffleHog)(Citation: GitHub Gitrob)(Citation: CNET Leaks) Adversaries may also purchase credentials from dark web or other black-markets. Finally, where multi-factor authentication (MFA) based on out-of-band communications is in use, adversaries may compromise a service provider to gain access to MFA codes and one-time passwords (OTP).(Citation: Okta Scatter Swine 2022) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593) or [Phishing for Information](https://attack.mitre.org/techniques/T1598)), establishing operational resources (ex: [Compromise Accounts](https://attack.mitre.org/techniques/T1586)), and/or initial access (ex: [External Remote Services](https://attack.mitre.org/techniques/T1133) or [Valid Accounts](https://attack.mitre.org/techniques/T1078)).
Details Published Attributes CTI Title
Details Website 2044-04-01 13 Attackers Repurposing existing Python-based Malware for Distribution on NPM
Details Website 2035-01-01 216 UNKNOWN
Details Website 2029-03-27 1 AWS Introduces Global Condition Context Keys to Improve EC2 Security
Details Website 2025-09-01 0 How ThreatConnect and Polarity Empower Teams to Combat Phishing Threats | ThreatConnect
Details Website 2025-01-22 4 CISA: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications - RedPacket Security
Details Website 2025-01-22 5 Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations
Details Website 2025-01-22 0 HIPAA-Compliant Patient Portals with WordPress: Building Secure and Accessible Platforms
Details Website 2025-01-22 4 Flashpoint Weekly Vulnerability Insights and Prioritization Report
Details Website 2025-01-22 0 Account Credentials for Security Vendors Found on Dark Web
Details Website 2025-01-22 0 🚨 Fake Homebrew Google Ads Target Mac Users with Malware 🚨
Details Website 2025-01-22 0 Critical Vulnerability: Exposed AWS Credentials Leading to Massive Data Exposure at BrowserStack
Details Website 2025-01-22 2 When Fake IT Support Comes Knocking: A Healthcare Story
Details Website 2025-01-22 14 Entra Connect Attacker Tradecraft: Part 2
Details Website 2025-01-22 12 Entra Connect Attacker Tradecraft: Part 2
Details Website 2025-01-22 0 Best Email Security Services: Protecting Your Business from Cyber Threats
Details Website 2025-01-22 40 Dark Web Profile: OilRig (APT34) - SOCRadar® Cyber Intelligence Inc.
Details Website 2025-01-22 0 Cybersecurity in E-Commerce
Details Website 2025-01-22 0 9 Essential Questions for Evaluating Penetration Testing Solutions
Details Website 2025-01-22 4 Cyber Briefing: 2025.01.222
Details Website 2025-01-22 1 Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance
Details Website 2025-01-22 5 How Falco and Wireshark paved the way for Stratoshark
Details Website 2025-01-22 5 Mastering LLM and Generative AI Security: An Ultra-Extensive Guide to Emerging Vulnerabilities and…
Details Website 2025-01-22 0 AI-Powered Static Application Security Testing in the Developer Toolkit
Details Website 2025-01-22 1 Demystifying Cyber Attacks with MITRE ATT&CK Framework
Details Website 2025-01-22 0 Security Alert Issued As 1 Billion Passwords Stolen By Malware-Act Now