EM-CONVERSATION-HIJACKInitial Access

Conversation Hijacking / Reply-Chain Attack

From a compromised mailbox, reply to an existing email thread with a malicious link — trust transferred from genuine prior thread.

§ Where this technique fits

EM-CONVERSATION-HIJACK is catalogued under the Initial Access tactic of the offensive-security kill-chain. It appears in 1 approved dossier in the registry, typically at step 3 on average.

§ Dossiers chaining this technique

Compromised vendor mailbox → reply-chain phishing → client compromise
Take over a vendor / partner mailbox via AITM phishing. Reply to an existing thread with a malicious link — trust transferred from the genuine prior conversation defeats most user training.
step 3 / 6

§ What commonly comes next

01
Phishing
T1566 · Initial Access
seen 1×

§ Where this technique fits

§ Dossiers chaining this technique

Compromised vendor mailbox → reply-chain phishing → client compromise

§ What commonly comes next