Reconnaissance
The initial phase of an attack where threat actors gather information about a target.
Full Definition
Reconnaissance is the first phase of most cyberattacks, in which threat actors gather information about a target organization to plan and refine their attack strategy. It is the digital equivalent of casing a building before a robbery, and the quality of reconnaissance often determines the effectiveness of subsequent attack stages.
Passive reconnaissance involves gathering publicly available information without directly interacting with the target — OSINT techniques, LinkedIn scraping, DNS enumeration, and reviewing job postings. Active reconnaissance involves direct interaction with the target's systems, such as port scanning, web application fingerprinting, and probing authentication endpoints.
Data breaches are a powerful reconnaissance accelerant: leaked employee directories, organizational charts, and corporate structure data enable attackers to identify high-value targets, understand internal hierarchies, and craft highly targeted social engineering campaigns.
Related Terms
OSINT (Open Source Intelligence)
Intelligence gathered from publicly available sources including websites, social media, and public records.
Threat IntelligenceSocial Engineering
Psychological manipulation of people into performing actions or divulging confidential information.
Attack TypesSpear Phishing
A targeted phishing attack customized with personal details to deceive a specific individual or organization.
Attack TypesAttack Surface
The total set of points where an attacker can attempt to enter or extract data from an environment.
Security ConceptsMonitor Your Exposure on Whiteintel
Understanding threats is the first step. Whiteintel continuously monitors dark web sources, stealer logs, and breach databases so you know the moment your organization's data is at risk.