Compromise 3rd party infrastructure to support delivery



Technique
ID: PRE-T1089
Tactic: Adversary OPSEC

Definition

Instead of buying, leasing, or renting infrastructure, an adversary may compromise infrastructure and use it for some or all of the attack cycle.[1][2]

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: This is currently a commonly used technique (e.g., WordPress sites), carried out as precursor activity to launching an attack against the intended target (e.g., acquiring a botnet or layers of proxies to reduce the possibility of attribution).

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: The defender will not have visibility into 3rd party sites unless a target is successfully enticed to visit one.

Similar Techniques for Other Tactics

Tactic | Article
Adversary OPSEC | Compromise 3rd party infrastructure to support delivery
Establish & Maintain Infrastructure | Compromise 3rd party infrastructure to support delivery