What is MITRE ATT&CK Reconnaissance (TA0043)?

MITRE ATT&CK outlines the tactics and actions of cyber adversaries in an organized knowledge base. This helps cybersecurity professionals understand the steps adversaries take to achieve their objectives, so they can shore up defenses and stay alert for suspicious activity.

The MITRE ATT&CK Reconnaissance (TA0043) tactic refers to the collection of techniques that adversaries use to obtain valuable information about their target systems, networks, or individuals. This data gathering is often the first stage in the cyberattack lifecycle, serving as a foundation for subsequent stages like exploitation and execution of the attack.

Techniques Under MITRE ATT&CK Reconnaissance

The MITRE ATT&CK Reconnaissance tactic is broken down into a number of techniques, each showcasing a different aspect of the information-gathering process. These techniques include:

  1. Active Scanning: This involves probing systems directly to find vulnerabilities or other useful data points.
  2. Gather Victim Identity Information: In this technique, attackers collect personal or organizational details, usually to craft more convincing phishing attempts.
  3. Social Media Harvesting: Adversaries make use of social media platforms to compile information about their target, often focusing on employees or key individuals.
  4. Search Open Technical Databases: Utilizing databases like Shodan or Censys, attackers look for information that can help them in their cyber operations.
  5. Email Reconnaissance: This involves the harvesting of email addresses, often with the intent to conduct spear-phishing campaigns.
  6. Gather Victim Org Information: Collecting information that is specific to the organization, such as internal documentation or specific office locations, falls under this technique.

Importance of Understanding MITRE ATT&CK Reconnaissance

For organizations looking to improve their cybersecurity posture, understanding the MITRE ATT&CK Reconnaissance tactic is essential. By familiarizing yourself with the reconnaissance techniques outlined in the MITRE ATT&CK framework, you can better prepare your systems and networks against these preliminary but crucial stages of an attack. Preparing systems may involve deploying specialized monitoring tools, educating employees on the risks of sharing too much information online, or regularly updating and patching software to mitigate known vulnerabilities.
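One form such monitoring can take for the Active Scanning technique listed above, as an added example that is not part of the original page: flag any source that touches many distinct host/port pairs within a short window, while ignoring a busy client that keeps hitting the same service. The log format, the sample lines, the function names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample firewall log (hypothetical format: time src dst dport action).
# Lines are assumed to arrive in time order.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 10.0.0.5 22 DENY
2024-05-01T10:00:01 203.0.113.7 10.0.0.5 23 DENY
2024-05-01T10:00:02 203.0.113.7 10.0.0.5 80 ALLOW
2024-05-01T10:00:03 203.0.113.7 10.0.0.5 443 ALLOW
2024-05-01T10:00:04 203.0.113.7 10.0.0.6 3389 DENY
2024-05-01T10:00:05 198.51.100.9 10.0.0.5 443 ALLOW
2024-05-01T10:00:06 198.51.100.9 10.0.0.5 443 ALLOW
2024-05-01T10:00:07 198.51.100.9 10.0.0.5 443 ALLOW
2024-05-01T10:00:08 198.51.100.9 10.0.0.5 443 ALLOW
2024-05-01T10:00:09 198.51.100.9 10.0.0.5 443 ALLOW
malformed line
"""

def parse(line):
    """Return (timestamp, src, (dst, port)) or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], (parts[2], int(parts[3]))
    except ValueError:
        return None

def detect_scanners(log_text, window_s=60, min_targets=5):
    """Flag sources touching >= min_targets distinct (host, port) pairs in window_s."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # src -> deque of (timestamp, target)
    flagged = {}                  # src -> peak distinct-target count
    for line in log_text.splitlines():
        event = parse(line)
        if event is None:
            continue              # skip lines that do not match the format
        ts, src, target = event
        q = recent[src]
        q.append((ts, target))
        while q and ts - q[0][0] > window:   # expire events outside the window
            q.popleft()
        distinct = len({t for _, t in q})
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(detect_scanners(SAMPLE_LOG))
```

Counting distinct targets rather than raw connections is what keeps the second source, with five connections to one service, out of the result; a scan spread over a period longer than the window would need a longer window or a separate long-horizon counter.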

The MITRE ATT&CK Reconnaissance tactic acts as a guide to what steps cyber adversaries often follow to gather essential information on their targets. A deep understanding of this tactic and the techniques it includes can help security teams defend against cyber attacks. Therefore, the MITRE ATT&CK Reconnaissance tactic should be a core component of any comprehensive cybersecurity strategy.


Omnis Cyber Intelligence (OCI) can help identify unauthorized connections into your network. This detection can aid in the early identification of adversaries gathering information about your network infrastructure and traffic, preventing them from obtaining information about potential weak points in your environment.