MITRE ATT&CK Technique
Description
Adversaries may gather information about identities and roles within the victim organization that can be used during targeting. Information about business roles may reveal a variety of targetable details, including identifiable information for key personnel as well as what data/resources they have access to. Adversaries may gather this information in various ways, such as direct elicitation via [Phishing for Information](https://attack.mitre.org/techniques/T1598). Information about business roles may also be exposed to adversaries via online or other accessible data sets (ex: [Social Media](https://attack.mitre.org/techniques/T1593/001) or [Search Victim-Owned Websites](https://attack.mitre.org/techniques/T1594)).(Citation: ThreatPost Broadvoice Leak) Gathering this information may reveal opportunities for other forms of reconnaissance (ex: [Phishing for Information](https://attack.mitre.org/techniques/T1598) or [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593)), establishing operational resources (ex: [Establish Accounts](https://attack.mitre.org/techniques/T1585) or [Compromise Accounts](https://attack.mitre.org/techniques/T1586)), and/or initial access (ex: [Phishing](https://attack.mitre.org/techniques/T1566)).
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2020-10-02T16:37:30.015Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may gather information about identities and roles '
'within the victim organization that can be used during '
'targeting. Information about business roles may reveal a '
'variety of targetable details, including identifiable '
'information for key personnel as well as what data/resources '
'they have access to.\n'
'\n'
'Adversaries may gather this information in various ways, such '
'as direct elicitation via [Phishing for '
'Information](https://attack.mitre.org/techniques/T1598). '
'Information about business roles may also be exposed to '
'adversaries via online or other accessible data sets (ex: '
'[Social Media](https://attack.mitre.org/techniques/T1593/001) '
'or [Search Victim-Owned '
'Websites](https://attack.mitre.org/techniques/T1594)).(Citation: '
'ThreatPost Broadvoice Leak) Gathering this information may '
'reveal opportunities for other forms of reconnaissance (ex: '
'[Phishing for '
'Information](https://attack.mitre.org/techniques/T1598) or '
'[Search Open '
'Websites/Domains](https://attack.mitre.org/techniques/T1593)), '
'establishing operational resources (ex: [Establish '
'Accounts](https://attack.mitre.org/techniques/T1585) or '
'[Compromise '
'Accounts](https://attack.mitre.org/techniques/T1586)), and/or '
'initial access (ex: '
'[Phishing](https://attack.mitre.org/techniques/T1566)).',
'external_references': [{'external_id': 'T1591.004',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1591/004'},
{'description': 'Seals, T. (2020, October 15). '
'Broadvoice Leak Exposes 350M '
'Records, Personal Voicemail '
'Transcripts. Retrieved October 20, '
'2020.',
'source_name': 'ThreatPost Broadvoice Leak',
'url': 'https://threatpost.com/broadvoice-leaks-350m-records-voicemail-transcripts/160158/'}],
'id': 'attack-pattern--cc723aff-ec88-40e3-a224-5af9fd983cc4',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'reconnaissance'}],
'modified': '2025-10-24T17:49:23.837Z',
'name': 'Identify Roles',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': True,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['PRE'],
'x_mitre_version': '1.0'}