- Tactics
- Reconnaissance
- Maturity
- demonstrated
- Reference
- atlas.mitre.org/techniques/AML.T0003
Description
Adversaries may search websites owned by the victim for information that can be used during targeting. Victim-owned websites may contain technical details about their AI-enabled products or services. Victim-owned websites may contain a variety of details, including names of departments/divisions, physical locations, and data about key employees such as names, roles, and contact info. These sites may also have details highlighting business operations and relationships.
Adversaries may search victim-owned websites to gather actionable information. This information may help adversaries tailor their attacks (e.g. Adversarial AI Attacks or Manual Modification). Information from these sources may reveal opportunities for other forms of reconnaissance (e.g. Search Open Technical Databases or Search Open AI Vulnerability Analysis)
How GTK Cyber trains on this
GTK Cyber's hands-on AI security courses cover adversarial-AI techniques across the MITRE ATLAS framework, including the Reconnaissance tactic this technique falls under. Our practitioner-led training is taught by Charles Givre and other field-tested SMEs and focuses on real adversarial scenarios, not slide decks.