Common Information
| Type | Value |
|---|---|
| Value |
Impersonation - T1656 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may impersonate a trusted person or organization in order to persuade and trick a target into performing some action on their behalf. For example, adversaries may communicate with victims (via [Phishing for Information](https://attack.mitre.org/techniques/T1598), [Phishing](https://attack.mitre.org/techniques/T1566), or [Internal Spearphishing](https://attack.mitre.org/techniques/T1534)) while impersonating a known sender such as an executive, colleague, or third-party vendor. Established trust can then be leveraged to accomplish an adversary’s ultimate goals, possibly against multiple victims. In many cases of business email compromise or email fraud campaigns, adversaries use impersonation to defraud victims -- deceiving them into sending money or divulging information that ultimately enables [Financial Theft](https://attack.mitre.org/techniques/T1657). Adversaries will often also use social engineering techniques such as manipulative and persuasive language in email subject lines and body text such as `payment`, `request`, or `urgent` to push the victim to act quickly before malicious activity is detected. These campaigns are often specifically targeted against people who, due to job roles and/or accesses, can carry out the adversary’s goal. Impersonation is typically preceded by reconnaissance techniques such as [Gather Victim Identity Information](https://attack.mitre.org/techniques/T1589) and [Gather Victim Org Information](https://attack.mitre.org/techniques/T1591) as well as acquiring infrastructure such as email domains (i.e. [Domains](https://attack.mitre.org/techniques/T1583/001)) to substantiate their false identity.(Citation: CrowdStrike-BEC) There is the potential for multiple victims in campaigns involving impersonation. For example, an adversary may [Compromise Accounts](https://attack.mitre.org/techniques/T1586) targeting one organization which can then be used to support impersonation against other entities.(Citation: VEC) |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2017-03-01 | 2 | Red Team Penetration Testing – Going All the Way (Part 2 of 3) | Anitian | ||
| Details | Website | 2016-12-12 | 0 | Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 17 | ||
| Details | Website | 2016-12-01 | 0 | NIST Shouted, Who Listened? Analyzing User Response to NIST’s Guidance on SMS 2FA Security | ||
| Details | Website | 2016-11-29 | 0 | The Phases of Email Filtering: Email Reputation Scores & More | ||
| Details | Website | 2016-11-25 | 0 | US Navy Data Leaked: 10 Tips to Protect Sensitive Data from Theft | ||
| Details | Website | 2016-10-31 | 2 | Promoted Tweet leads to credit card phishing | Malwarebytes Labs | ||
| Details | Website | 2016-10-30 | 15 | Major Call Center Scam Network Revealed - 56 Indicted | ||
| Details | Website | 2016-09-26 | 1 | Rotten Potato – Privilege Escalation from Service Accounts to SYSTEM | ||
| Details | Website | 2016-09-21 | 9 | Common x509 certificate validation/creation pitfalls | ||
| Details | Website | 2016-09-05 | 53 | Doing your own SSL/TLS testing | ||
| Details | Website | 2016-08-30 | 0 | Whaling: The Hunt for High Profile Business Targets - Check Point Software | ||
| Details | Website | 2016-08-30 | 1 | A week in security (Aug 21 – Aug 27) | Malwarebytes Labs | ||
| Details | Website | 2016-07-18 | 0 | A week in security (Jul 10 – Jul 16) | Malwarebytes Labs | ||
| Details | Website | 2016-07-08 | 47 | Returning to the Original Social Network | ||
| Details | Website | 2016-06-24 | 3 | VoLTE Security Analysis, part 2 | ||
| Details | Website | 2016-05-16 | 0 | State of the Criminal Address | CrowdStrike | ||
| Details | Website | 2016-05-10 | 0 | You Need To Understand Lateral Movement To Detect More Attacks | Rapid7 Blog | ||
| Details | Website | 2016-05-09 | 0 | Big businesses in the UK ‘experience regular data breaches’ | WeLiveSecurity | ||
| Details | Website | 2016-04-27 | 10 | Vulnerability Spotlight: Further NTPD Vulnerabilities | ||
| Details | Website | 2016-04-11 | 58 | Maintaining Persistence via SQL Server – Part 2: Triggers | ||
| Details | Website | 2016-03-14 | 13 | Weekly Metasploit Wrapup | Rapid7 Blog | ||
| Details | Website | 2016-03-08 | 18 | Microsoft Patch Tuesday - March 2016 | ||
| Details | Website | 2016-01-19 | 19 | TALOS-2016-0071 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence | ||
| Details | Website | 2016-01-01 | 10 | Black Hat Asia 2017 | ||
| Details | Website | 2016-01-01 | 53 | Analysis of Malicious Security Support Provider DLLs - PDF Free Download |