Applied Cybernetics Group
T1114.002 — Remote Email Collection
coverage gap
- Technique: T1114.002
- Tactics: Collection
- MISP citations: 0
- KEV CVEs mapped: 1
- Community rules: 0
- thrunt rules: 0
- Upstream: https://attack.mitre.org/techniques/T1114/002
MITRE description
Adversaries may target an Exchange server, Office 365, or Google Workspace to collect sensitive information. Adversaries may leverage a user's credentials and interact directly with the Exchange server to acquire information from within a network. Adversaries may also access externally facing Exchange services, Office 365, or Google Workspace to access email using credentials or access tokens. Tools such as [MailSniper](https://attack.mitre.org/software/S0413) can be used to automate searches for specific keywords.
KEV CVEs mapped to this technique
Per MITRE CTID's hand-curated KEV→ATT&CK mappings — these are the actively-exploited vulnerabilities behind this technique's KEV signal.
Detection coverage
No detection coverage exists for this technique — no SigmaHQ community rule carries its tag and thrunt has not authored one yet. Techniques on this list are exactly where hand-authoring effort goes next; see the rollup for the full queue.