Acquire and/or use 3rd party infrastructure services

A wide variety of cloud, virtual private services, hosting, compute, and storage solutions are available. Additionally, botnets are available for rent or purchase. Use of these solutions allows an adversary to stage, launch, and execute an attack from infrastructure that does not physically tie back to them and can be rapidly provisioned, modified, and shut down. [1]

ID: T1307

Tactic: Adversary Opsec

Version: 1.0

Similar Techniques by Tactic

Tactic | Technique
Establish & Maintain Infrastructure | Acquire and/or use 3rd party infrastructure services

Examples

Name | Description
Night Dragon | Night Dragon used servers in China, the U.S., and the Netherlands in an attempt to hide their operations.[2]

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: 3rd party services are highly leveraged by legitimate services, so adversary use is hard to distinguish from background noise. While an adversary can use their own infrastructure, most know this is a sure-fire way to get caught. To add degrees of separation, they can buy or rent from another adversary or accomplice.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: A wide range of 3rd party services is available for hosting, rotating, or moving C2, static data, exploits, exfiltration, etc.

References

  1. Forward-Looking Threat Research Team. (2012). LUCKYCAT REDUX: Inside an APT Campaign with Multiple Targets in India and Japan. Retrieved March 1, 2017.