Remote Email Collection


Adversaries may target an Exchange server, Office 365, or Google Workspace to collect sensitive information. Adversaries may leverage a user's credentials and interact directly with the Exchange server to acquire information from within a network. Adversaries may also access externally facing Exchange services, Office 365, or Google Workspace to access email using credentials or access tokens. Tools such as MailSniper can be used to automate searches for specific keywords.

Products, Sensors, and Dependencies

ProductDependenciesData sourceAccess requiredProtocolData CollectedNotes
Tenable Identity ExposureActive DirectoryStandard AD UserLDAPUser mailbox

Notes: fix me

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Collection

Platform: Windows

Products Required: Tenable Identity Exposure

Tenable Release Date: 2022 Q2