Threat Intelligence Feed

T1566 - Phishing

T1566 Phishing is a common tactic used by adversaries to gain access to victim systems. It is a form of social engineering that is delivered electronically, and it can take various forms. One type of phishing is known as spearphishing, in which a specific individual, company, or industry is targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as through mass malware spam campaigns.

Phishing attacks often involve the sending of emails containing malicious attachments or links. When a victim clicks on the link or opens the attachment, the adversary’s code is executed on the victim’s system. This code could be malware that gives the adversary access to the system, or it could be a tool that the adversary uses to exploit a vulnerability in the system.

In addition to email, phishing can also be conducted through third-party services, such as social media platforms. Adversaries may use these platforms to send malicious links or pose as a trusted source in order to trick victims into revealing sensitive information or clicking on a link.

Phishing attacks can have serious consequences for organizations. If a victim falls for a phishing attack and clicks on a malicious link, the adversary may gain access to the victim’s system and potentially take control of it. This can lead to data loss, financial damage, and reputational harm.

To defend against phishing attacks, organizations can educate their employees about the risks of phishing and how to identify suspicious emails. Email filtering and spam detection tools can also be used to block malicious emails from reaching employees’ inboxes. Strong passwords and two-factor authentication can help to prevent unauthorized access to systems.

It is important for organizations to be aware of the threat of phishing and take steps to prevent it. By implementing effective security measures and regularly monitoring for signs of phishing, organizations can reduce their risk of falling victim to this attack tactic.



TAXII Server

Are you looking for a TAXII Server to connect to?

Sync Maltiverse Feeds via TAXII with your Security Devices