- Tactics
- Reconnaissance
- Platforms
- PRE
- Reference
- attack.mitre.org/techniques/T1682
Description
Adversaries may query publicly accessible artificial intelligence (AI) services, such as large language models (LLMs), to support targeting and operations. In addition to searching websites or databases directly (i.e., Search Open Websites/Domains), adversaries may use AI services to synthesize, aggregate, and analyze publicly available information at scale. This may include identifying individuals or organizations to target, researching organizational structures and personnel, identifying technologies used by target organizations, researching business relationships to develop plausible pretexts for Social Engineering approaches, identifying contact information for use in Phishing or Phishing for Information, or gathering derogatory or sensitive information about individuals that may be used for extortion or coercion.(Citation: MSFT-AI)(Citation: GTIG AI Threat Tracker)
Information gathered through AI services may be leveraged for other behaviors, such as establishing operational resources (i.e., Generate Content or Establish Accounts. For obtaining access to AI tools and services, see Artificial Intelligence.
How GTK Cyber trains on this
GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Reconnaissance tactic this technique falls under. Practitioner-led, focused on real detections, not memorizing technique IDs.
Related techniques
- T1589 — Gather Victim Identity Information
- T1590 — Gather Victim Network Information
- T1591 — Gather Victim Org Information
- T1592 — Gather Victim Host Information
- T1593 — Search Open Websites/Domains
- T1594 — Search Victim-Owned Websites
- T1595 — Active Scanning
- T1596 — Search Open Technical Databases
- T1597 — Search Closed Sources
- T1598 — Phishing for Information
- T1681 — Search Threat Vendor Data