Determine secondary level tactical element

The secondary level tactical element the adversary seeks to attack is the specific network or area of a network that is vulnerable to attack. Within the corporate network example, the secondary level tactical element might be a SQL server or a domain controller with a known vulnerability. [1] [2] [3] [4]

ID: T1244
Sub-techniques:  No sub-techniques
Tactic: Target Selection
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Normally, defender is unable to detect. May change for special use cases or adversary and defender overlays.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: This is the normal adversary targeting cycle where they utilize our poor OPSEC practices to their advantage.


  1. Elizabeth Van Ruitenbeek, Ken Keefe, William H. Sanders, and Carol Muehrcke. (2010). Characterizing the Behavior of Cyber Adversaries: The Means, Motive, and Opportunity of Cyberattacks. Retrieved March 5, 2017.
  2. Joint Chiefs of Staff. (2013, January 31). Joint Targeting. Retrieved May 19, 2017.
  1. Joint Chiefs of Staff. (2013, February 5). Cyberspace Operations. Retrieved May 19, 2017.
  2. Department of Defense. (2015, April). The Department of Defense Cyber Strategy. Retrieved May 19, 2017.