- Tactics
- Collection
- Platforms
- Linux, macOS, Windows
- Reference
- attack.mitre.org/techniques/T1123
Description
An adversary can leverage a computer’s peripheral devices (e.g., microphones and webcams) or applications (e.g., voice and video call services) to capture audio recordings for the purpose of listening into sensitive conversations to gather information.(Citation: ESET Attor Oct 2019)
Malware or scripts may be used to interact with the devices through an available API provided by the operating system or an application to capture audio. Audio files may be written to disk and exfiltrated later.
How GTK Cyber trains on this
GTK Cyber's hands-on training programs cover detection engineering across the MITRE ATT&CK framework, including the Collection tactic this technique falls under. Our practitioner-led courses focus on building real detections, not just memorizing technique IDs.
Related techniques
- T1005 — Data from Local System
- T1025 — Data from Removable Media
- T1039 — Data from Network Shared Drive
- T1056 — Input Capture
- T1074 — Data Staged
- T1113 — Screen Capture
- T1114 — Email Collection
- T1115 — Clipboard Data
- T1119 — Automated Collection
- T1125 — Video Capture
- T1185 — Browser Session Hijacking
- T1213 — Data from Information Repositories