View on MITRE ATT&CK

T1114.002 - Remote Email Collection

Sub-technique
Tattiche:
Collection
Piattaforme:
Windows Office Suite
Rilevamento:
Not specified
Description:
Adversaries may target an Exchange server, Office 365, or Google Workspace to collect sensitive information. Adversaries may leverage a user's credentials and interact directly with the Exchange server to acquire information from within a network. Adversaries may also access externally facing Exchange services, Office 365, or Google Workspace to access email using credentials or access tokens. Tools such as [MailSniper](https://attack.mitre.org/software/S0413) can be used to automate searches for specific keywords.
Usato da Attori (12)
APT1
Nation-state
APT28
Nation-state
APT29
Nation-state
Kimsuky
Nation-state
HAFNIUM
Unknown
Dragonfly
Unknown
Ke3chang
Unknown
Leafminer
Unknown
Magic Hound
Unknown
Chimera
Unknown
FIN4
Unknown
Star Blizzard
Unknown
Malware (4)
SeaDuke other LightNeuron other Valak other MailSniper tool
Metadata
MITRE ID: T1114.002
STIX ID: attack-pattern--b4694861-542c-...
Piattaforme: Windows, Office Suite
Created: 13/01/2026 17:48
Updated: 06/03/2026 16:00