Remote Email Collection

Description

Adversaries may target an Exchange server, Office 365, or Google Workspace to collect sensitive information. Adversaries may leverage a user's credentials and interact directly with the Exchange server to acquire information from within a network. Adversaries may also access externally facing Exchange services, Office 365, or Google Workspace to access email using credentials or access tokens. Tools such as MailSniper can be used to automate searches for specific keywords.

Products, Sensors, and Dependencies

Product | Dependencies | Data source | Access required | Protocol | Data Collected | Notes
Tenable Identity Exposure | | Active Directory | Standard AD User | LDAP | User mailbox |

Attack Path Technique Details

Framework: MITRE ATT&CK

Family: Collection

Platform: Windows

Products Required: Tenable Identity Exposure

Tenable Release Date: 2022 Q2