Email Collection (T1114)
Tactic: Collection · Platforms: Windows, macOS, Linux, Office Suite
The interactive view maps 1 detection strategy, 4 mitigations, 4 threat groups, 2 software entries to this technique, alongside D3FEND countermeasures and data-component coverage.
Overview
Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Emails may also contain details of ongoing incident response operations, which may allow adversaries to adjust their techniques in order to maintain persistence or evade defenses. Adversaries can collect or forward email from mail servers or clients.
Sub-techniques
- Local Email Collection (T1114.001)
- Remote Email Collection (T1114.002)
- Email Forwarding Rule (T1114.003)