Identify business relationships

From pre-attack
Jump to: navigation, search

Identify business relationships
ID PRE-T1060
Tactic Organizational Information Gathering


Business relationship information may be used by an adversary to shape social engineering attempts (exploiting who a target expects to hear from) or to plan for technical actions such as exploiting network trust relationship.1

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Requires an intensive process. In some industries, business relationships may be public in order to generate business, but this is not the case for all industries and all relationships.


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Exception to the rule is if the adversary tips off the target that others have been asking about the relationship with them.

Similar Techniques for Other Tactics

Organizational Information GatheringIdentify business relationships
People Information GatheringIdentify business relationships