Determine strategic target

An adversary undergoes an iterative target selection process that may begin either broadly and narrow down into specifics (strategic to tactical) or narrowly and expand outward (tactical to strategic). As part of this process, an adversary may determine a high level target they wish to attack. One example of this may be a particular country, government, or commercial sector. [1] [2] [3] [4]

ID: T1241
Sub-techniques:  No sub-techniques
Tactic: Target Selection
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Normally, defender is unable to detect. May change for special use cases or adversary and defender overlays.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: This is the normal adversary targeting cycle where they utilize our poor OPSEC practices to their advantage.


  1. Elizabeth Van Ruitenbeek, Ken Keefe, William H. Sanders, and Carol Muehrcke. (2010). Characterizing the Behavior of Cyber Adversaries: The Means, Motive, and Opportunity of Cyberattacks. Retrieved March 5, 2017.
  2. Joint Chiefs of Staff. (2013, January 31). Joint Targeting. Retrieved May 19, 2017.
  1. Joint Chiefs of Staff. (2013, February 5). Cyberspace Operations. Retrieved May 19, 2017.
  2. Department of Defense. (2015, April). The Department of Defense Cyber Strategy. Retrieved May 19, 2017.