Identify business relationships

Business relationship information includes the associates of a target and may be discovered via social media sites such as LinkedIn or public press releases announcing new partnerships between organizations or people (such as key hire announcements in industry articles). This information may be used by an adversary to shape social engineering attempts (exploiting who a target expects to hear from) or to plan for technical actions such as exploiting network trust relationship. [1] [2]

ID: T1272
Sub-techniques:  No sub-techniques
Tactic: People Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Similar Techniques by Tactic

Tactic Technique
Organizational Information Gathering Identify business relationships

Procedure Examples

Name Description

APT16 spearphished journalists, apparently targeting those interested in contact information for DPP members or politicians.[3]


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Searching publicly available sources that cannot be monitored by a defender. Much of this information is widely known and difficult to obscure.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Made easier by today's current social media.


  1. Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.
  2. Gregory Scasny. (2015, September 14). Understanding Open Source Intelligence (OSINT) and its relationship to Identity Theft. Retrieved March 1, 2017.