Theft of Operational Information

From attackics
Revision as of 14:22, 17 December 2019 by (username removed)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Theft of Operational Information
ID T882
Tactic Impact


Adversaries may steal operational information on a production environment as a direct mission outcome for personal gain or to inform future operations. This information may include design documents, schedules, rotational data, or similar artifacts that provide insight on operations.

In the Bowman Dam incident, adversaries probed systems for operational data.12

Procedure Examples

  • ACAD/Medre.A can collect AutoCad files with drawings. These drawings may contain operational information.
  • Duqu’s purpose is to "gather intelligence data and assets from entities such as industrial infrastructure and system manufacturers, amongst others not in the industrial sector, in order to more easily conduct a future attack against another third party."3
  • Flame can collect AutoCAD design data and visio diagrams as well as other documents that may contain operational information.4