Wireless Sniffing (T0887)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Wireless Sniffing

Associated Tactics

  • Discovery
  • Collection

Discovery (TA0102)

The adversary is locating information to assess and identify their targets in your environment. Discovery consists of techniques that adversaries use to survey your ICS environment and gain knowledge about the internal network, control system devices, and how their processes interact. These techniques help adversaries observe the environment and determine next steps for target selection and Lateral Movement. They also allow adversaries to explore what they can control and gain insight on interactions between various control system processes. Discovery techniques are often an act of progression into the environment which enable the adversary to orient themselves before deciding how to act. Adversaries may use Discovery techniques that result in Collection, to help determine how available resources benefit their current objective. A combination of native device communications and functions, and custom tools are often used toward this post-compromise information-gathering objective.

View on ATT&CK

Procedure Examples

Description Source(s)
Bastille 2017, April 17 Dallas Siren Attack Retrieved. 2020/11/06 Bastille April 2017
Candell, R., Hany, M., Lee, K. B., Liu,Y., Quimby, J., Remley, K. 2018, April Guide to Industrial Wireless Systems Deployments Retrieved. 2020/12/01 Candell, R., Hany, M., Lee, K. B., Liu,Y., Quimby, J., Remley, K. April 2018
Gallagher, S. 2017, April 12 Pirate radio: Signal spoof set off Dallas emergency sirens, not network hack Retrieved. 2020/12/01 Gallagher, S. April 2017