1. Home
  2. ATT&CK Techniques
  3. T1598
  4. T1598.001
Reconnaissance

T1598.001: Spearphishing Service

Adversaries may send spearphishing messages via third-party services to elicit sensitive information that can be used during targeting. Spearphishing for information is an attempt to trick targets int...

T1598.001 · Sub-technique ·1 platforms

Description

Adversaries may send spearphishing messages via third-party services to elicit sensitive information that can be used during targeting. Spearphishing for information is an attempt to trick targets into divulging information, frequently credentials or other actionable information. Spearphishing for information frequently involves social engineering techniques, such as posing as a source with a reason to collect information (ex: Establish Accounts or Compromise Accounts) and/or sending multiple, seemingly urgent messages.

All forms of spearphishing are electronically delivered social engineering targeted at a specific individual, company, or industry. In this scenario, adversaries send messages through various social media services, personal webmail, and other non-enterprise controlled services.(Citation: ThreatPost Social Media Phishing) These services are more likely to have a less-strict security policy than an enterprise. As with most kinds of spearphishing, the goal is to generate rapport with the target or get the target's interest in some way. Adversaries may create fake social media accounts and message employees for potential job opportunities. Doing so allows a plausible reason for asking about services, policies, and information about their environment. Adversaries may also use information from previous reconnaissance efforts (ex: Social Media or Search Victim-Owned Websites) to craft persuasive and believable lures.

Platforms

PRE

Mitigations (1)

User TrainingM1017

Users can be trained to identify social engineering techniques and spearphishing attempts.

References

Frequently Asked Questions

What is T1598.001 (Spearphishing Service)?

T1598.001 is a MITRE ATT&CK technique named 'Spearphishing Service'. It belongs to the Reconnaissance tactic(s). Adversaries may send spearphishing messages via third-party services to elicit sensitive information that can be used during targeting. Spearphishing for information is an attempt to trick targets int...

How can T1598.001 be detected?

Detection of T1598.001 (Spearphishing Service) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.

What mitigations exist for T1598.001?

There are 1 documented mitigations for T1598.001. Key mitigations include: User Training.

Which threat groups use T1598.001?

While specific threat group attribution may vary, this technique has been observed in various real-world attacks. Check the MITRE ATT&CK website for the latest threat intelligence.