Phishing (T1566)

Associated Tactics

  • Initial Access

Initial Access (TA0001)

The adversary is trying to get into your network. Initial Access consists of techniques that use various entry vectors to gain their initial foothold within a network. Techniques used to gain a foothold include targeted spearphishing and exploiting weaknesses on public-facing web servers. Footholds gained through initial access may allow for continued access, like valid accounts and use of external remote services, or may be limited-use due to changing passwords.

Procedure Examples

| Description | Source(s) |
| --- | --- |
| Australian Cyber Security Centre. (2012, December). Mitigating Spoofed Emails Using Sender Policy Framework. Retrieved October 19, 2020. | ACSC Email Spoofing |
| Brian Krebs. (2024, March 28). Thread Hijacking: Phishes That Prey on Your Curiosity. Retrieved September 27, 2024. | phishing-krebs |
| CISA. (n.d.). Protecting Against Malicious Use of Remote Monitoring and Management Software. Retrieved February 2, 2023. | CISA Remote Monitoring and Management Software |
| Itkin, Liora. (2022, September 1). Double-bounced attacks with email spoofing. Retrieved February 24, 2023. | cyberproof-double-bounce |
| Kristopher Russo. (n.d.). Luna Moth Callback Phishing Campaign. Retrieved February 2, 2023. | Unit42 Luna Moth |
| Microsoft. (2020, October 13). Anti-spoofing protection in EOP. Retrieved October 19, 2020. | Microsoft Anti Spoofing |
| Microsoft. (2023, September 22). Malicious OAuth applications abuse cloud email services to spread spam. Retrieved March 13, 2023. | Microsoft OAuth Spam 2022 |
| Oren Biderman, Tomer Lahiyani, Noam Lifshitz, Ori Porag. (n.d.). LUNA MOTH: THE THREAT ACTORS BEHIND RECENT FALSE SUBSCRIPTION SCAMS. Retrieved February 2, 2023. | sygnia Luna Month |
| Proofpoint. (n.d.). What Is Email Spoofing?. Retrieved February 24, 2023. | Proofpoint-spoof |
| Vicky Ray and Rob Downs. (2014, October 29). Examining a VBA-Initiated Infostealer Campaign. Retrieved March 13, 2023. | Palo Alto Unit 42 VBA Infostealer 2014 |