MITRE ATT&CK Technique
Collection T1213.004
Description

Adversaries may leverage Customer Relationship Management (CRM) software to mine valuable information. CRM software is used to assist organizations in tracking and managing customer interactions, as well as storing customer data.

Once adversaries gain access to a victim organization, they may mine CRM software for customer data. This may include personally identifiable information (PII) such as full names, emails, phone numbers, and addresses, as well as additional details such as purchase histories and IT support interactions. By collecting this data, an adversary may be able to send personalized [Phishing](https://attack.mitre.org/techniques/T1566) emails, engage in SIM swapping, or otherwise target the organization’s customers in ways that enable financial gain or the compromise of additional organizations.(Citation: Bleeping Computer US Cellular Hack 2022)(Citation: Bleeping Computer Mint Mobile Hack 2021)(Citation: Bleeping Computer Bank Hack 2020)

CRM software may be hosted on-premises or in the cloud. Information stored in these solutions may vary based on the specific instance or environment. Examples of CRM software include Microsoft Dynamics 365, Salesforce, Zoho, Zendesk, and HubSpot.

Supported Platforms
SaaS
Created

April 29, 2026

Last Updated

April 29, 2026

STIX Data
{'created': '2024-07-01T20:06:13.664Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': 'Adversaries may leverage Customer Relationship Management '
                '(CRM) software to mine valuable information. CRM software is '
                'used to assist organizations in tracking and managing '
                'customer interactions, as well as storing customer data.\n'
                '\n'
                'Once adversaries gain access to a victim organization, they '
                'may mine CRM software for customer data. This may include '
                'personally identifiable information (PII) such as full names, '
                'emails, phone numbers, and addresses, as well as additional '
                'details such as purchase histories and IT support '
                'interactions. By collecting this data, an adversary may be '
                'able to send personalized '
                '[Phishing](https://attack.mitre.org/techniques/T1566) emails, '
                'engage in SIM swapping, or otherwise target the '
                'organization’s customers in ways that enable financial gain '
                'or the compromise of additional organizations.(Citation: '
                'Bleeping Computer US Cellular Hack 2022)(Citation: Bleeping '
                'Computer Mint Mobile Hack 2021)(Citation: Bleeping Computer '
                'Bank Hack 2020)\n'
                '\n'
                'CRM software may be hosted on-premises or in the cloud. '
                'Information stored in these solutions may vary based on the '
                'specific instance or environment. Examples of CRM software '
                'include Microsoft Dynamics 365, Salesforce, Zoho, Zendesk, '
                'and HubSpot.',
 'external_references': [{'external_id': 'T1213.004',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/techniques/T1213/004'},
                         {'description': 'Ionut Ilascu. (2020, January 16). '
                                         'Customer-Owned Bank Informs 100k of '
                                         'Breach Exposing Account Balance, '
                                         'PII. Retrieved July 1, 2024.',
                          'source_name': 'Bleeping Computer Bank Hack 2020',
                          'url': 'https://www.bleepingcomputer.com/news/security/customer-owned-bank-informs-100k-of-breach-exposing-account-balance-pii/'},
                         {'description': 'Lawrence Abrams. (2021, July 10). '
                                         'Mint Mobile hit by a data breach '
                                         'after numbers ported, data accessed. '
                                         'Retrieved July 1, 2024.',
                          'source_name': 'Bleeping Computer Mint Mobile Hack '
                                         '2021',
                          'url': 'https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/'},
                         {'description': 'Sergiu Gatlan. (2022, January 4). '
                                         'UScellular discloses data breach '
                                         'after billing system hack. Retrieved '
                                         'July 1, 2024.',
                          'source_name': 'Bleeping Computer US Cellular Hack '
                                         '2022',
                          'url': 'https://www.bleepingcomputer.com/news/security/uscellular-discloses-data-breach-after-billing-system-hack/'}],
 'id': 'attack-pattern--bbfbb096-6561-4d7d-aa2c-a5ee8e44c696',
 'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
                        'phase_name': 'collection'}],
 'modified': '2025-04-15T22:12:49.744Z',
 'name': 'Customer Relationship Management Software',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'attack-pattern',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_contributors': ['Centre for Cybersecurity Belgium (CCB)'],
 'x_mitre_deprecated': False,
 'x_mitre_detection': '',
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_is_subtechnique': True,
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_platforms': ['SaaS'],
 'x_mitre_version': '1.0'}