Common Information
Type | Value |
---|---|
Value |
Credentials - T1589.001 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may gather credentials that can be used during targeting. Account credentials gathered by adversaries may be those directly associated with the target victim organization or attempt to take advantage of the tendency for users to use the same passwords across personal and business accounts. Adversaries may gather credentials from potential victims in various ways, such as direct elicitation via [Phishing for Information](https://attack.mitre.org/techniques/T1598). Adversaries may also compromise sites then add malicious content designed to collect website authentication cookies from visitors.(Citation: ATT ScanBox) Credential information may also be exposed to adversaries via leaks to online or other accessible data sets (ex: [Search Engines](https://attack.mitre.org/techniques/T1593/002), breach dumps, code repositories, etc.).(Citation: Register Deloitte)(Citation: Register Uber)(Citation: Detectify Slack Tokens)(Citation: Forbes GitHub Creds)(Citation: GitHub truffleHog)(Citation: GitHub Gitrob)(Citation: CNET Leaks) Adversaries may also purchase credentials from dark web or other black-markets. Finally, where multi-factor authentication (MFA) based on out-of-band communications is in use, adversaries may compromise a service provider to gain access to MFA codes and one-time passwords (OTP).(Citation: Okta Scatter Swine 2022) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593) or [Phishing for Information](https://attack.mitre.org/techniques/T1598)), establishing operational resources (ex: [Compromise Accounts](https://attack.mitre.org/techniques/T1586)), and/or initial access (ex: [External Remote Services](https://attack.mitre.org/techniques/T1133) or [Valid Accounts](https://attack.mitre.org/techniques/T1078)). |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2044-04-01 | 13 | Attackers Repurposing existing Python-based Malware for Distribution on NPM | ||
Details | Website | 2035-01-01 | 216 | UNKNOWN | ||
Details | Website | 2029-03-27 | 1 | AWS Introduces Global Condition Context Keys to Improve EC2 Security | ||
Details | Website | 2025-09-01 | 0 | How ThreatConnect and Polarity Empower Teams to Combat Phishing Threats | ThreatConnect | ||
Details | Website | 2025-01-22 | 4 | CISA: CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications - RedPacket Security | ||
Details | Website | 2025-01-22 | 5 | Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations | ||
Details | Website | 2025-01-22 | 0 | HIPAA-Compliant Patient Portals with WordPress: Building Secure and Accessible Platforms | ||
Details | Website | 2025-01-22 | 4 | Flashpoint Weekly Vulnerability Insights and Prioritization Report | ||
Details | Website | 2025-01-22 | 0 | Account Credentials for Security Vendors Found on Dark Web | ||
Details | Website | 2025-01-22 | 0 | 🚨 Fake Homebrew Google Ads Target Mac Users with Malware 🚨 | ||
Details | Website | 2025-01-22 | 0 | Critical Vulnerability: Exposed AWS Credentials Leading to Massive Data Exposure at BrowserStack | ||
Details | Website | 2025-01-22 | 2 | When Fake IT Support Comes Knocking: A Healthcare Story | ||
Details | Website | 2025-01-22 | 14 | Entra Connect Attacker Tradecraft: Part 2 | ||
Details | Website | 2025-01-22 | 12 | Entra Connect Attacker Tradecraft: Part 2 | ||
Details | Website | 2025-01-22 | 0 | Best Email Security Services: Protecting Your Business from Cyber Threats | ||
Details | Website | 2025-01-22 | 40 | Dark Web Profile: OilRig (APT34) - SOCRadar® Cyber Intelligence Inc. | ||
Details | Website | 2025-01-22 | 0 | Cybersecurity in E-Commerce | ||
Details | Website | 2025-01-22 | 0 | 9 Essential Questions for Evaluating Penetration Testing Solutions | ||
Details | Website | 2025-01-22 | 4 | Cyber Briefing: 2025.01.222 | ||
Details | Website | 2025-01-22 | 1 | Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance | ||
Details | Website | 2025-01-22 | 5 | How Falco and Wireshark paved the way for Stratoshark | ||
Details | Website | 2025-01-22 | 5 | Mastering LLM and Generative AI Security: An Ultra-Extensive Guide to Emerging Vulnerabilities and… | ||
Details | Website | 2025-01-22 | 0 | AI-Powered Static Application Security Testing in the Developer Toolkit | ||
Details | Website | 2025-01-22 | 1 | Demystifying Cyber Attacks with MITRE ATT&CK Framework | ||
Details | Website | 2025-01-22 | 0 | Security Alert Issued As 1 Billion Passwords Stolen By Malware-Act Now |