| ID | Name |
|---|---|
| T1683.001 | Written Content |
| T1683.002 | Audio-Visual Content |
Adversaries may create or manipulate audio, image, and video content to support targeting and malicious operations. Adversaries may also use synthetic voice recordings, real-time altered audio or video during live interactions, fabricated profile photos and identity documents, or video content depicting fabricated or impersonated individuals.[1]
Content may be produced manually through editing tools, generated using AI-assisted tools, or produced using third-party synthetic services.[2][3] AI-assisted tools have enabled adversaries to produce synthetic media at scale and generate content that is more difficult to identify as inauthentic.
Audio-visual content produced through these methods may be used in support of other techniques, such as Phishing, Spearphishing via Service, Phishing for Information, Internal Spearphishing, Social Engineering, Financial Theft, or Establish Accounts.
| ID | Name | Description |
|---|---|---|
| G0099 | APT-C-36 |
APT-C-36 has used phishing pages appearing like legitimate banking login portals to compromise credentials.[4] |
| G1052 | Contagious Interview |
Contagious Interview has used AI to clone video-conferencing applications to distribute their BeaverTail malware. They have also used AI to create deepfake videos. [5] |
| ID | Mitigation | Description |
|---|---|---|
| M1056 | Pre-compromise |
This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls. Efforts should focus on designing defenses that are not reliant on atomic indicators. |
| ID | Name | Analytic ID | Analytic Description |
|---|---|---|---|
| DET0918 | Detection of Audio-Visual Content | AN2061 |
Much of this takes place outside the visibility of the target organization, making detection difficult for defenders. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access. |