MITRE ATT&CK Technique
Description
Adversaries may gather information about the victim's host firmware that can be used during targeting. Information about host firmware may include a variety of details such as type and versions on specific hosts, which may be used to infer more information about hosts in the environment (ex: configuration, purpose, age/patch level, etc.). Adversaries may gather this information in various ways, such as direct elicitation via [Phishing for Information](https://attack.mitre.org/techniques/T1598). Information about host firmware may only be exposed to adversaries via online or other accessible data sets (ex: job postings, network maps, assessment reports, resumes, or purchase invoices).(Citation: ArsTechnica Intel) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593) or [Search Open Technical Databases](https://attack.mitre.org/techniques/T1596)), establishing operational resources (ex: [Develop Capabilities](https://attack.mitre.org/techniques/T1587) or [Obtain Capabilities](https://attack.mitre.org/techniques/T1588)), and/or initial access (ex: [Supply Chain Compromise](https://attack.mitre.org/techniques/T1195) or [Exploit Public-Facing Application](https://attack.mitre.org/techniques/T1190)).
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2020-10-02T16:46:42.537Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': "Adversaries may gather information about the victim's host "
'firmware that can be used during targeting. Information about '
'host firmware may include a variety of details such as type '
'and versions on specific hosts, which may be used to infer '
'more information about hosts in the environment (ex: '
'configuration, purpose, age/patch level, etc.).\n'
'\n'
'Adversaries may gather this information in various ways, such '
'as direct elicitation via [Phishing for '
'Information](https://attack.mitre.org/techniques/T1598). '
'Information about host firmware may only be exposed to '
'adversaries via online or other accessible data sets (ex: job '
'postings, network maps, assessment reports, resumes, or '
'purchase invoices).(Citation: ArsTechnica Intel) Gathering '
'this information may reveal opportunities for other forms of '
'reconnaissance (ex: [Search Open '
'Websites/Domains](https://attack.mitre.org/techniques/T1593) '
'or [Search Open Technical '
'Databases](https://attack.mitre.org/techniques/T1596)), '
'establishing operational resources (ex: [Develop '
'Capabilities](https://attack.mitre.org/techniques/T1587) or '
'[Obtain '
'Capabilities](https://attack.mitre.org/techniques/T1588)), '
'and/or initial access (ex: [Supply Chain '
'Compromise](https://attack.mitre.org/techniques/T1195) or '
'[Exploit Public-Facing '
'Application](https://attack.mitre.org/techniques/T1190)).',
'external_references': [{'external_id': 'T1592.003',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1592/003'},
{'description': 'Goodin, D. & Salter, J. (2020, '
'August 6). More than 20GB of Intel '
'source code and proprietary data '
'dumped online. Retrieved October 20, '
'2020.',
'source_name': 'ArsTechnica Intel',
'url': 'https://arstechnica.com/information-technology/2020/08/intel-is-investigating-the-leak-of-20gb-of-its-source-code-and-private-data/'}],
'id': 'attack-pattern--b85f6ce5-81e8-4f36-aff2-3df9d02a9c9d',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'reconnaissance'}],
'modified': '2025-10-24T17:49:16.957Z',
'name': 'Firmware',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': True,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['PRE'],
'x_mitre_version': '1.0'}