1. Home
  2. ATT&CK Techniques
  3. T1593
  4. T1593.002
Reconnaissance

T1593.002: Search Engines

Adversaries may use search engines to collect information about victims that can be used during targeting. Search engine services typical crawl online sites to index context and may provide users with...

T1593.002 · Sub-technique ·1 platforms ·1 groups

Description

Adversaries may use search engines to collect information about victims that can be used during targeting. Search engine services typical crawl online sites to index context and may provide users with specialized syntax to search for specific keywords or specific types of content (i.e. filetypes).(Citation: SecurityTrails Google Hacking)(Citation: ExploitDB GoogleHacking)

Adversaries may craft various search engine queries depending on what information they seek to gather. Threat actors may use search engines to harvest general information about victims, as well as use specialized queries to look for spillages/leaks of sensitive information such as network details or credentials. Information from these sources may reveal opportunities for other forms of reconnaissance (ex: Phishing for Information or Search Open Technical Databases), establishing operational resources (ex: Establish Accounts or Compromise Accounts), and/or initial access (ex: Valid Accounts or Phishing).

Platforms

PRE

Mitigations (1)

Pre-compromiseM1056

This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls. Efforts should focus on minimizing the amount and sensitivity of data available to external parties.

Threat Groups (1)

IDGroupContext
G0094Kimsuky[Kimsuky](https://attack.mitre.org/groups/G0094) has searched for vulnerabilities, tools, and geopolitical trends on Google to target victims.(Citatio...

References

Frequently Asked Questions

What is T1593.002 (Search Engines)?

T1593.002 is a MITRE ATT&CK technique named 'Search Engines'. It belongs to the Reconnaissance tactic(s). Adversaries may use search engines to collect information about victims that can be used during targeting. Search engine services typical crawl online sites to index context and may provide users with...

How can T1593.002 be detected?

Detection of T1593.002 (Search Engines) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.

What mitigations exist for T1593.002?

There are 1 documented mitigations for T1593.002. Key mitigations include: Pre-compromise.

Which threat groups use T1593.002?

Known threat groups using T1593.002 include: Kimsuky.