Common Information
Type | Value |
---|---|
Value | Impersonation - T1656 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf. For example, adversaries may communicate with victims (via [Phishing for Information](https://attack.mitre.org/techniques/T1598), [Phishing](https://attack.mitre.org/techniques/T1566), or [Internal Spearphishing](https://attack.mitre.org/techniques/T1534)) while impersonating a known sender such as an executive, colleague, or third-party vendor. Established trust can then be leveraged to accomplish an adversary’s ultimate goals, possibly against multiple victims. In many cases of business email compromise or email fraud campaigns, adversaries use impersonation to defraud victims -- deceiving them into sending money or divulging information that ultimately enables [Financial Theft](https://attack.mitre.org/techniques/T1657). Adversaries will often also use social engineering techniques such as manipulative and persuasive language in email subject lines and body text such as `payment`, `request`, or `urgent` to push the victim to act quickly before malicious activity is detected. These campaigns are often specifically targeted against people who, due to job roles and/or accesses, can carry out the adversary’s goal. Impersonation is typically preceded by reconnaissance techniques such as [Gather Victim Identity Information](https://attack.mitre.org/techniques/T1589) and [Gather Victim Org Information](https://attack.mitre.org/techniques/T1591) as well as acquiring infrastructure such as email domains (i.e. [Domains](https://attack.mitre.org/techniques/T1583/001)) to substantiate their false identity.(Citation: CrowdStrike-BEC) There is the potential for multiple victims in campaigns involving impersonation. For example, an adversary may [Compromise Accounts](https://attack.mitre.org/techniques/T1586) targeting one organization which can then be used to support impersonation against other entities.(Citation: VEC) |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2019-01-14 | 8 | WNF IDs from w10 build 18312 | ||
Details | Website | 2019-01-01 | 2 | Security Advisory - Proofpoint Protection Server Cross-Site Scripting Vulnerability | ||
Details | Website | 2018-12-19 | 2 | Mobile banking continues to be primary target for advanced trojan attacks | ||
Details | Website | 2018-12-10 | 4 | in(Secure) messaging apps — How side-channel attacks can compromise privacy in WhatsApp, Telegram, and Signal | ||
Details | Website | 2018-12-05 | 8 | RPC Bug Hunting Case Studies – Part 1 | ||
Details | Website | 2018-11-29 | 2 | AWS Security Hub Extends Privileged Access Threat Analytics Capabilities with CyberArk | ||
Details | Website | 2018-11-27 | 0 | Keeping Who-ville Cyber Secure This Holiday Season | ||
Details | Website | 2018-11-12 | 276 | Vulnerability Summary for the Week of November 5, 2018 | CISA | ||
Details | Website | 2018-11-08 | 24 | Attack uses malicious InPage document and outdated VLC media player to give attackers backdoor access to targets - Microsoft Security Blog | ||
Details | Website | 2018-11-08 | 1 | 2018 Phishing and Fraud Report: Attacks Peak During the Holidays | ||
Details | Website | 2018-10-17 | 0 | How Office 365 learned to reel in phish - Microsoft Security Blog | ||
Details | Website | 2018-09-30 | 0 | How Much Room Is Left for Threat Modeling? – NSFOCUS Technical Blog | ||
Details | Website | 2018-09-13 | 0 | Abusing Microsoft Customer Voice to Send Phishing Links | ||
Details | Website | 2018-09-11 | 0 | IRS Call Scammers Sentenced in Texas | ||
Details | Website | 2018-09-06 | 14 | Is your Google Analytics code malicious? – Sansec | ||
Details | Website | 2018-08-30 | 11 | Remote Mac Exploitation Via Custom URL Schemes | ||
Details | Website | 2018-08-13 | 7 | Process Doppelgänging meets Process Hollowing in Osiris dropper | Malwarebytes Labs | ||
Details | Website | 2018-07-23 | 0 | How to Do Effective and Impactful Tor Research | Tor Project | ||
Details | Website | 2018-07-20 | 15 | Into the Borg – SSRF inside Google production network | OpnSec | ||
Details | Website | 2018-07-12 | 0 | When three isn't a crowd: Man-in-the-Middle (MitM) attacks explained | Malwarebytes Labs | ||
Details | Website | 2018-07-11 | 32 | Passing-the-Hash to NTLM Authenticated Web Applications | ||
Details | Website | 2018-06-27 | 0 | Marketing Firm Leaked Database With 340 Million Records | ||
Details | Website | 2018-06-11 | 1 | Bypassing Detection for a Reverse Meterpreter Shell - Checkmate | ||
Details | Website | 2018-06-09 | 5 | The Future of Social Engineering - Privacy PC | ||
Details | Website | 2018-05-26 | 39 | module ~ lsadump · gentilkiwi/mimikatz Wiki |