Internal Spearphishing (T1534)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • Internal Spearphishing

Associated Tactics

  • Lateral Movement

Lateral Movement (TA0008)

The adversary is trying to move through your environment. Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network. Following through on their primary objective often requires exploring the network to find their target and subsequently gaining access to it. Reaching their objective often involves pivoting through multiple systems and accounts to gain. Adversaries might install their own remote access tools to accomplish Lateral Movement or use legitimate credentials with native network and operating system tools, which may be stealthier.

View on ATT&CK

Procedure Examples

Description Source(s)
Chris Taylor. (2017, October 5). When Phishing Starts from the Inside. Retrieved October 8, 2019. Trend Micro When Phishing Starts from the Inside 2017
Microsoft Threat Intelligence. (2023, August 2). Midnight Blizzard conducts targeted social engineering over Microsoft Teams. Retrieved February 16, 2024. Int SP - chat apps
Trend Micro. (n.d.). Retrieved February 16, 2024. Trend Micro - Int SP