T1114

Email Collection

TA0009Collection

Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Emails may also contain details of ongoing incident response operations, which may allow adversaries to adjust their techniques in order to maintain persistence or evade defenses.(Citation: TrustedSec OOB Communications)(Citation: CISA AA20-352A 2021) Adversaries can collect or forward email from mail servers or clients.

Platforms4

WindowsmacOSLinuxOffice Suite

CVEs mapped to this technique

No CVE mappings yet

ATT&CK ↔ CVE mappings come from CTID's open dataset, which currently covers only a fraction of all techniques. Commercial threat-intel feeds would expand this.