Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e)
Adversaries may leverage chat and messaging applications, such as Microsoft Teams, Google Chat, and Slack, to mine valuable information.
The following is a brief list of example information that may hold potential value to an adversary and may also be found on messaging applications:
- Testing / development credentials (i.e., Chat Messages)
- Source code snippets
- Links to network shares and other internal resources
- Proprietary data (Citation: Guardian Grand Theft Auto Leak 2022)
- Discussions about ongoing incident response efforts (Citation: SC Magazine Ragnar Locker 2021) (Citation: Microsoft DEV-0537)
In addition to exfiltrating data from messaging applications, adversaries may leverage data from chat messages in order to improve their targeting - for example, by learning more about an environment or evading ongoing incident response efforts. (Citation: Sentinel Labs NullBulge 2024) (Citation: Permiso Scattered Spider 2023)
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
Messaging Applications - T1213.005 (fb75213f-cfb0-40bf-a02f-3bad93d6601e) | Attack Pattern | Data from Information Repositories - T1213 (d28ef391-8ed4-45dc-bc4a-2f43abf54416) | Attack Pattern | 1 |