Common Information
| Type | Value |
|---|---|
| Value |
Impersonation - T1656 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf. For example, adversaries may communicate with victims (via [Phishing for Information](https://attack.mitre.org/techniques/T1598), [Phishing](https://attack.mitre.org/techniques/T1566), or [Internal Spearphishing](https://attack.mitre.org/techniques/T1534)) while impersonating a known sender such as an executive, colleague, or third-party vendor. Established trust can then be leveraged to accomplish an adversary’s ultimate goals, possibly against multiple victims. In many cases of business email compromise or email fraud campaigns, adversaries use impersonation to defraud victims -- deceiving them into sending money or divulging information that ultimately enables [Financial Theft](https://attack.mitre.org/techniques/T1657). Adversaries will often also use social engineering techniques such as manipulative and persuasive language in email subject lines and body text such as `payment`, `request`, or `urgent` to push the victim to act quickly before malicious activity is detected. These campaigns are often specifically targeted against people who, due to job roles and/or accesses, can carry out the adversary’s goal. Impersonation is typically preceded by reconnaissance techniques such as [Gather Victim Identity Information](https://attack.mitre.org/techniques/T1589) and [Gather Victim Org Information](https://attack.mitre.org/techniques/T1591) as well as acquiring infrastructure such as email domains (i.e. [Domains](https://attack.mitre.org/techniques/T1583/001)) to substantiate their false identity.(Citation: CrowdStrike-BEC) There is the potential for multiple victims in campaigns involving impersonation. For example, an adversary may [Compromise Accounts](https://attack.mitre.org/techniques/T1586) targeting one organization which can then be used to support impersonation against other entities.(Citation: VEC) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2019-12-02 | 7 | BlackDirect: Microsoft Azure Account Takeover | ||
| Details | Website | 2019-11-05 | 13 | CobaltStrike - beacon.dll : Your No Ordinary MZ Header | ||
| Details | Website | 2019-11-01 | 5 | Fun with Incognito | Offensive Security | ||
| Details | Website | 2019-10-31 | 16 | Office 365 Users Targeted by Voicemail Scam Pages | McAfee Blog | ||
| Details | Website | 2019-10-22 | 0 | Three Ways to Hack the U.S. Election | ||
| Details | Website | 2019-09-24 | 9 | REvil Ransomware: The GandCrab Connection | ||
| Details | Website | 2019-08-19 | 9 | IT threat evolution Q2 2019 | ||
| Details | Website | 2019-08-08 | 65 | Suspected BITTER APT Continues Targeting Government of China and Chinese Organizations | ||
| Details | Website | 2019-08-01 | 29 | LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards | Proofpoint US | ||
| Details | Website | 2019-07-09 | 16 | Sea Turtle keeps on swimming, finds new victims, DNS hijacking techniques | ||
| Details | Website | 2019-06-22 | 2 | Top Takes: Suspected Russian Intelligence Operation | ||
| Details | Website | 2019-06-05 | 6 | Upgraded JasperLoader Infecting Machines with New Targets & Functional Improvements: What You Need to Know | ||
| Details | Website | 2019-05-16 | 0 | IMP4GT: IMPersonation Attacks in 4G NeTworks | ||
| Details | Website | 2019-05-03 | 11 | Mirrorthief Hits Campus Online Stores Using Magecart | ||
| Details | Website | 2019-04-27 | 0 | The Spycraft Revolution | ||
| Details | Website | 2019-04-17 | 40 | DNS Hijacking Abuses Trust In Core Internet Service | ||
| Details | Website | 2019-04-05 | 26 | Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware | Mandiant | ||
| Details | Website | 2019-03-22 | 276 | UNKNOWN | ||
| Details | Website | 2019-03-21 | 0 | Top Cyber Security Threats for 2019 | ||
| Details | Website | 2019-03-20 | 13 | Issue certificates for IIS and Exchange with Let’s Encrypt | ||
| Details | Website | 2019-03-01 | 0 | 404 | Mimecast | ||
| Details | Website | 2019-02-27 | 12 | Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and… | ||
| Details | Website | 2019-02-19 | 2 | How to Detect Pass-the-Ticket Attacks | ||
| Details | Website | 2019-02-01 | 3 | Examining Pointer Authentication on the iPhone XS | ||
| Details | Website | 2019-01-22 | 11 | Shmoocon 2019 - BECS and beyond: Investigating and Defending Office 3… |