MITRE ATT&CK / T1213.002
T1213.002
Sharepoint
Description
Adversaries may leverage the SharePoint repository as a source to mine valuable information. SharePoint will often contain useful information for an adversary to learn about the structure and functionality of the internal network and systems. For example, the following is a list of example information that may hold potential value to an adversary and may also be found on SharePoint:* Policies, procedures, and standards * Physical / logical network diagrams * System architecture diagrams * Technical system documentation * Testing / development credentials (i.e., [Unsecured Credentials](https://attack.mitre.org/techniques/T1552)) * Work / project schedules * Source code snippets * Links to network shares and other internal resources
Platforms
Mitigations
- M1047 — Audit
- M1018 — User Account Management
- M1017 — User Training
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
- Kali365 PhaaS Kit Bypasses Microsoft 365 MFA via Device Code Phishing — FBI Warning
- Amazon SES Increasingly Abused in Phishing Attacks That Bypass Security Filters
- ConsentFix v3 Bypasses Azure MFA via Automated OAuth Abuse
- CVE-2026-32202: APT28 Exploits Zero-Click Windows Shell Flaw to Steal NTLM Credentials
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →