Common Information
| Type | Value |
|---|---|
| Value |
Impersonation - T1656 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf. For example, adversaries may communicate with victims (via [Phishing for Information](https://attack.mitre.org/techniques/T1598), [Phishing](https://attack.mitre.org/techniques/T1566), or [Internal Spearphishing](https://attack.mitre.org/techniques/T1534)) while impersonating a known sender such as an executive, colleague, or third-party vendor. Established trust can then be leveraged to accomplish an adversary’s ultimate goals, possibly against multiple victims. In many cases of business email compromise or email fraud campaigns, adversaries use impersonation to defraud victims -- deceiving them into sending money or divulging information that ultimately enables [Financial Theft](https://attack.mitre.org/techniques/T1657). Adversaries will often also use social engineering techniques such as manipulative and persuasive language in email subject lines and body text such as `payment`, `request`, or `urgent` to push the victim to act quickly before malicious activity is detected. These campaigns are often specifically targeted against people who, due to job roles and/or accesses, can carry out the adversary’s goal. Impersonation is typically preceded by reconnaissance techniques such as [Gather Victim Identity Information](https://attack.mitre.org/techniques/T1589) and [Gather Victim Org Information](https://attack.mitre.org/techniques/T1591) as well as acquiring infrastructure such as email domains (i.e. [Domains](https://attack.mitre.org/techniques/T1583/001)) to substantiate their false identity.(Citation: CrowdStrike-BEC) There is the potential for multiple victims in campaigns involving impersonation. For example, an adversary may [Compromise Accounts](https://attack.mitre.org/techniques/T1586) targeting one organization which can then be used to support impersonation against other entities.(Citation: VEC) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2018-05-10 | 7 | Enhancing Office 365 Advanced Threat Protection with detonation-based heuristics and machine learning - Microsoft Security Blog | ||
| Details | Website | 2018-04-20 | 0 | 【RSA2018】利用人工智能和机器学习优化威胁检测和应急响应 – 绿盟科技技术博客 | ||
| Details | Website | 2018-03-15 | 1 | Cloud Security Glossary | ||
| Details | Website | 2018-03-09 | 17 | How much trust do you put into your Gmail inbox messages? | ||
| Details | Website | 2018-03-07 | 0 | How Office 365 protects your organization from modern phishing campaigns - Microsoft Security Blog | ||
| Details | Website | 2018-02-27 | 7 | Money Laundering Via Author Impersonation on Amazon? – Krebs on Security | ||
| Details | Website | 2018-02-08 | 2 | The Email that Could Steal Your Life Savings and Leave You Homeless | ||
| Details | Website | 2018-02-06 | 1 | Hacking 101 to mobile data | ||
| Details | Website | 2018-01-16 | 0 | Email security in 2018 | ||
| Details | Website | 2018-01-15 | 536 | Vulnerability Summary for the Week of January 8, 2018 | CISA | ||
| Details | Website | 2018-01-09 | 0 | ZeroFox's 2018 Predictions: InfoSec, Marketing and the C-Suite | ||
| Details | Website | 2017-12-19 | 0 | Account Takeover: A Critical Layer Of Your Email Security | ||
| Details | Website | 2017-12-06 | 107 | Champing at the Cyberbit: Ethiopian Dissidents Targeted with New Commercial Spyware | ||
| Details | Website | 2017-11-20 | 8 | Alternative methods of becoming SYSTEM | ||
| Details | Website | 2017-10-16 | 16 | Perspective About the Recent WPA Vulnerabilities (KRACK Attacks) | ||
| Details | Website | 2017-10-09 | 2 | Detecting credential spearphishing attacks in enterprise settings | the morning paper | ||
| Details | Website | 2017-09-25 | 2 | Stepping up protection with intelligent security - Microsoft Security Blog | ||
| Details | Website | 2017-07-19 | 0 | 5 Phishing Attacks Office 365 and Gmail Didn't Detect in July | ||
| Details | Website | 2017-06-29 | 26 | NotPetya Ransomware Attack [Technical Analysis] | ||
| Details | Website | 2017-06-08 | 1 | What Is DevSecOps and How Logs Can Help | Logz.io | ||
| Details | Website | 2017-05-26 | 2 | Reading Your Way Around UAC (Part 3) | ||
| Details | Website | 2017-05-26 | 3 | Reading Your Way Around UAC (Part 2) | ||
| Details | Website | 2017-05-24 | 12 | Samba 3.5.0 - Remote Code Execution | ||
| Details | Website | 2017-03-23 | 3 | History of Phishing: Then and Now | ||
| Details | Website | 2017-03-22 | 12 | Chronicles of a Threat Hunter: Hunting for In-Memory Mimikatz with Sysmon and ELK - Part II (Event ID 10) |