Skip to content

T1593.002 Search Engines

Adversaries may use search engines to collect information about victims that can be used during targeting. Search engine services typical crawl online sites to index context and may provide users with specialized syntax to search for specific keywords or specific types of content (i.e. filetypes).12

Adversaries may craft various search engine queries depending on what information they seek to gather. Threat actors may use search engines to harvest general information about victims, as well as use specialized queries to look for spillages/leaks of sensitive information such as network details or credentials. Information from these sources may reveal opportunities for other forms of reconnaissance (ex: Phishing for Information or Search Open Technical Databases), establishing operational resources (ex: Establish Accounts or Compromise Accounts), and/or initial access (ex: Valid Accounts or Phishing).

Item Value
ID T1593.002
Sub-techniques T1593.001, T1593.002, T1593.003
Tactics TA0043
Platforms PRE
Version 1.0
Created 02 October 2020
Last Modified 15 April 2021

Procedure Examples

ID Name Description
G0094 Kimsuky Kimsuky has searched for vulnerabilities, tools, and geopolitical trends on Google to target victims.3

Mitigations

ID Mitigation Description
M1056 Pre-compromise This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls. Efforts should focus on minimizing the amount and sensitivity of data available to external parties.

References

  1. Borges, E. (2019, March 5). Exploring Google Hacking Techniques. Retrieved October 20, 2020. 

  2. Offensive Security. (n.d.). Google Hacking Database. Retrieved October 23, 2020. 

  3. KISA. (n.d.). Phishing Target Reconnaissance and Attack Resource Analysis Operation Muzabi. Retrieved March 7, 2022.