Assess opportunities created by business deals

During mergers, divestitures, or other period of change in joint infrastructure or business processes there may be an opportunity for exploitation. During this type of churn, unusual requests, or other non standard practices may not be as noticeable. [1] [2]

ID: T1299
Sub-techniques:  No sub-techniques
Tactic: Organizational Weakness Identification
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Most of this activity would target partners and business processes. Partners would not report. Difficult to tie this activity to a cyber attack.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Mapping joint infrastructure and business processes is difficult without insider knowledge or SIGINT capability. While a merger creates and opportunity to exploit potentially cumbersome or sloppy business processes, advance notice of a merger is difficult; merger information is typically close-hold until the deal is done.


  1. Ben Rossi. (2014, August 29). Mergers and acquisitions: a new target for cyber attack. Retrieved March 6, 2017.
  1. Holly Meidl. (2015, December 16). How Health Care Companies Can Reduce the Risk of Cyber-Attack During Mergers and Acquisitions. Retrieved March 6, 2017.