The MITRE ATT&CK page on Reconnaissance (TA0043) discusses the first phase of cyberattacks, where adversaries gather crucial information about a target to facilitate future operations. This includes understanding an organization’s digital and physical environments, collecting data about employees, infrastructure, security posture, and technology stack. Techniques used range from publicly available information to more intrusive methods like active scanning or phishing attempts to acquire internal details. The gathered intelligence helps attackers in identifying weak spots for subsequent attack stages.
Key Points:
- Adversaries collect critical data.
- Methods include passive observation and active scanning.
- Prepares attackers for initial access and further stages.
Organizations can improve security by monitoring these tactics and enforcing tighter controls around public-facing information and employee exposure. Learn more by visiting the MITRE ATT&CK Reconnaissance Tactic page.
DFIR Global 