Description
Adversaries may search social media for information about victims that can be used during targeting. Social media sites may contain various information about a victim organization, such as business announcements as well as information about the roles, locations, and interests of staff.
Adversaries may search different social media sites depending on what information they seek to gather. Threat actors may passively harvest data from these sites, as well as use information gathered to create fake profiles/groups to elicit victims into revealing specific information (i.e. Spearphishing Service). (Citation: Cyware Social Media) Information from these sources may reveal opportunities for other forms of reconnaissance (ex: Phishing for Information or Search Open Technical Databases), establishing operational resources (ex: Establish Accounts or Compromise Accounts), and/or initial access (ex: Spearphishing via Service).
Platforms
Mitigations (1)
Pre-compromise (M1056)
This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls. Efforts should focus on minimizing the amount and sensitivity of data available to external parties.
Threat Groups (3)
| ID | Group | Context |
|---|---|---|
| G0094 | Kimsuky | [Kimsuky](https://attack.mitre.org/groups/G0094) has used Twitter to monitor potential victims and to prepare targeted phishing e-mails.(Citation: Mal... |
| G1052 | Contagious Interview | [Contagious Interview](https://attack.mitre.org/groups/G1052) had identified and solicited victims through social media such as LinkedIn, X, and Teleg... |
| G1011 | EXOTIC LILY | [EXOTIC LILY](https://attack.mitre.org/groups/G1011) has copied data from social media sites to impersonate targeted individuals.(Citation: Google EXO... |
References
Frequently Asked Questions
What is T1593.001 (Social Media)?
T1593.001 is a MITRE ATT&CK technique named 'Social Media'. It belongs to the Reconnaissance tactic(s). Adversaries may search social media for information about victims that can be used during targeting. Social media sites may contain various information about a victim organization, such as business an...
How can T1593.001 be detected?
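Detection of T1593.001 (Social Media) typically involves monitoring system logs, network traffic, and endpoint telemetry, using SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique. Because the searching itself is performed outside the scope of enterprise defenses and controls, this telemetry is most likely to surface the follow-on activity the gathered information enables, such as Spearphishing via Service, rather than the reconnaissance itself.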
What mitigations exist for T1593.001?
There is 1 documented mitigation for T1593.001: Pre-compromise (M1056).
Which threat groups use T1593.001?
Known threat groups using T1593.001 include: Kimsuky, Contagious Interview, EXOTIC LILY.