Determine 3rd party infrastructure services
A wide variety of cloud, virtual private services, hosting, compute, and storage solutions are available as 3rd party infrastructure services. These services could provide an adversary with another avenue of approach or compromise.   
Tactic: Organizational Information Gathering
Similar Techniques by Tactic
|Technical Information Gathering||Determine 3rd party infrastructure services|
DetectionDetectable by Common Defenses (Yes/No/Partial): No
Explanation: Adversary searches publicly available sources and may find this information on the 3rd party web site listing new customers/clients.
Difficulty for the AdversaryEasy for the Adversary (Yes/No): Yes
Explanation: Press releases may reveal this information particularly when it is an expected cost savings or improvement for scalability/reliability.
- Forward-Looking Threat Research Team. (2012). LUCKYCAT REDUX: Inside an APT Campaign with Multiple Targets in India and Japan. Retrieved March 1, 2017.
- Bruce Schneier. (2017, April 5). APT10 and Cloud Hopper. Retrieved May 9, 2017.
- Michael Kan. (2017, April 4). Chinese hackers go after third-party IT suppliers to steal data. Retrieved May 9, 2017.