| ID | Name |
|---|---|
| ATAGS-T1179.001 | Local Email Collection |
| ATAGS-T1179.002 | Remote Email Collection |
| ATAGS-T1179.003 | Email Forwarding Rule |
Threat Actors may target an Exchange server, Office 365, or Google Workspace to collect sensitive information. Threat Actors may leverage a user's credentials and interact directly with the Exchange server to acquire information from within a network. Threat Actors may also access externally facing Exchange services, Office 365, or Google Workspace to access email using credentials or access tokens. Tools such as MailSniper can be used to automate searches for specific keywords.
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.