Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >ATTACK
  3. >Lateral Movement
  4. >ATTACK-T1534
ATTACK-T1534Active

Internal Spearphishing

Statement

After they already have access to accounts or systems within the environment, adversaries may use internal spearphishing to gain access to additional information or compromise other users within the same organization. Internal spearphishing is multi-staged campaign where a legitimate account is initially compromised either by controlling the user's device or by compromising the account credentials of the user. Adversaries may then attempt to take advantage of the trusted internal account to increase the likelihood of tricking more victims into falling for phish attempts, often incorporating Impersonation.(Citation: Trend Micro - Int SP)

For example, adversaries may leverage Spearphishing Attachment or Spearphishing Link as part of internal spearphishing to deliver a payload or redirect to an external site to capture credentials through Input Capture on sites that mimic login interfaces.

Adversaries may also leverage internal chat apps, such as Microsoft Teams, to spread malicious content or engage users in attempts to capture sensitive information and/or credentials.(Citation: Int SP - chat apps)

Location

Tactic
Lateral Movement

Technique Details

Identifier
ATTACK-T1534
ATT&CK Page
View on MITRE

Tactics

Lateral Movement

Platforms

WindowsmacOSLinuxSaaSOffice Suite

Detection

Internal Spearphishing via Trusted Accounts

No cross-framework mappings available

← Back to Lateral Movement
Lateral Movement17 controls
ATTACK-T1021Remote ServicesATTACK-T1021.001Remote Desktop ProtocolATTACK-T1021.002SMB/Windows Admin SharesATTACK-T1021.003Distributed Component Object ModelATTACK-T1021.004SSHATTACK-T1021.005VNCATTACK-T1021.006Windows Remote ManagementATTACK-T1021.007Cloud ServicesATTACK-T1021.008Direct Cloud VM ConnectionsATTACK-T1080Taint Shared ContentATTACK-T1091Replication Through Removable MediaATTACK-T1210Exploitation of Remote ServicesATTACK-T1534Internal SpearphishingATTACK-T1563Remote Service Session HijackingATTACK-T1563.001SSH HijackingATTACK-T1563.002RDP HijackingATTACK-T1570Lateral Tool Transfer