T1114.002SubTechniquecollectionagent-callable

T1114.002Remote Email Collection

Sub-technique of T1114

Platforms: Office 365 · Windows · Google Workspace

ATT&CK version: 14.1

What it is

Adversaries may target an Exchange server, Office 365, or Google Workspace to collect sensitive information. Adversaries may leverage a user's credentials and interact directly with the Exchange server to acquire information from within a network. Adversaries may also access externally facing Exchange services, Office 365, or Google Workspace to access email using credentials or access tokens. Tools such as [MailSniper](https://attack.mitre.org/software/S0413) can be used to automate searches for specific keywords.

ATT&CK tactics· 1

Collection

References

  1. https://attack.mitre.org/techniques/T1114/002
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.