Identify personnel with an authority/privilege

Personnel internal to a company may have non-electronic specialized access, authorities, or privileges that make them an attractive target for an adversary. One example is an individual with the financial authority to approve large transactions. An adversary who compromises this individual might be able to subvert large-dollar transfers. [1]

ID: T1271

Tactic: People Information Gathering

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Mapping a specific person to an authority or privilege on a network involves several layers of data and potential gaps in information, and it requires access to resources that may not tip off a defender.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Requires an adversary to undergo an intensive research process. It is resource-intensive or requires special data access. It may be easier for certain specialty use cases.

References

  1. Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.