Gather Victim Org Information: Determine Physical Locations (T1591.001)
Tactic: Reconnaissance · Platforms: PRE
The interactive view maps 1 detection strategy, 1 mitigation, 1 threat group to this technique, alongside D3FEND countermeasures and data-component coverage.
Sub-technique of Gather Victim Org Information (T1591).
Overview
Adversaries may gather the victim's physical location(s) that can be used during targeting. Information about physical locations of a target organization may include a variety of details, including where key resources and infrastructure are housed. Physical locations may also indicate what legal jurisdiction and/or authorities the victim operates within.
Adversaries may gather this information in various ways, such as direct elicitation via Phishing for Information. Physical locations of a target organization may also be exposed to adversaries via online or other accessible data sets (ex: Search Victim-Owned Websites or Social Media). Gathering this information may reveal opportunities for other forms of reconnaissance (ex: Phishing for Information or Search Open Websites/Domains), establishing operational resources (ex: Develop Capabilities or Obtain Capabilities), and/or initial access (ex: Phishing or Hardware Additions).