The sub-techniques beta is now live! Read the release blog post for more info.

Identify personnel with an authority/privilege

Personnel internally to a company may have non-electronic specialized access, authorities, or privilege that make them an attractive target for an adversary. One example of this is an individual with financial authority to authorize large transactions. An adversary who compromises this individual might be able to subvert large dollar transfers. [1]

ID: T1271
Tactic: People Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: The layers of data required and potential gaps of information to map a specific person to an authority or privilege on a network requires access to resources that may not tip off a defender.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Requires an adversary to undergo an intensive research process. It is resource intensive or requires special data access. May be easier for certain specialty use cases.

References

  1. Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.