JUST RELEASED: ATT&CK for Industrial Control Systems

Conduct social engineering or HUMINT operation

****Deprecation Warning****

This technique has been deprecated. Please see ATT&CK's Initial Access and Execution tactics for replacement techniques.

Social Engineering is the practice of manipulating people in order to get them to divulge information or take an action. Human Intelligence (HUMINT) is intelligence collected and provided by human sources. [1] [2]

ID: T1376
Tactic: Launch
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Assuming an average company does not train its employees to be aware of social engineering techniques, it is not possible to detect the adversary's use unless a highly motivated or paranoid employee informs security. This assessment flips to a 1 in cases of environments where security trains employees to be vigilant or in specialized industries where competitive intelligence and business intelligence train employees to be highly aware. Most likely more complex for an adversary to detect as methods move to physical or non traditionally monitored mechanisms (such as phone calls outside of call centers). Furthermore, the content of such an interaction may be lost due to lack of collection.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Assuming an average adversary whose focus is social engineering, it is not difficult for an adversary. Assuming a HUMINT operation and specialized circumstances, the adversary difficulty becomes 1. Social engineering can be easily done remotely via email or phone. In contrast, HUMINT operations typically would require physical contact at some point in the process, increasing the difficulty.


  1. Chris Johnston. (2015, February 5). Company loses $17m in email scam. Retrieved March 9, 2017.
  1. Robert Hackett. (2015, August 10). Fraudsters duped this company into handing over $40 million. Retrieved March 9, 2017.