Gather Victim Identity Information
Adversaries may gather information about the victim's identity that can be used during targeting. Information about identities may include a variety of details, including personal data (ex: employee names, email addresses, photos, etc.) as well as sensitive details such as credentials or multi factor authentication (MF
- Framework
- MITRE ATLAS
- Maturity
- Realized
- Platforms
- Enterprise
- Release
- 2026.05
Overview
Adversaries may gather information about the victim's identity that can be used during targeting. Information about identities may include a variety of details, including personal data (ex: employee names, email addresses, photos, etc.) as well as sensitive details such as credentials or multi-factor authentication (MFA) configurations.
Adversaries may gather this information in various ways, such as direct elicitation, Search Victim-Owned Websites, or via leaked information on the black market.
Adversaries may use the gathered victim data to Create Deepfakes and impersonate them in a convincing manner. This may create opportunities for adversaries to Establish Accounts under the impersonated identity, or allow them to perform convincing Phishing attacks.