
T0811: Data from Information Repositories

The MITRE Corporation · Published 21/05/2020 19:43 · Modified 27/03/2026 01:44

Essential information

MITRE technique ID: T0811
Confidence: 100/100
Revoked: No
Published: 21/05/2020 19:43
Modified: 27/03/2026 01:44
Author / Source: The MITRE Corporation

Description

Adversaries may target and collect data from information repositories. This can include sensitive data such as specifications, schematics, or diagrams of control system layouts, devices, and processes. Examples of information repositories include reference databases in the process environment, as well as databases in the corporate network that might contain information about the ICS. (Citation: Cybersecurity & Infrastructure Security Agency March 2018)

Information collected from these systems may provide the adversary with a better understanding of the operational environment, vendors used, processes, or procedures of the ICS. In a campaign between 2011 and 2013 against ONG organizations, Chinese state-sponsored actors searched document repositories for specific information such as system manuals, remote terminal unit (RTU) sites, personnel lists, documents that included the string SCAD*, user credentials, and remote dial-up access information. (Citation: CISA AA21-201A Pipeline Intrusion July 2021)

Kill chain phases

Kill chain: mitre-ics-attack
Phase: collection

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references