Obfuscate infrastructure

Obfuscation is hiding the day-to-day building and testing of new tools, chat servers, etc. [1]

ID: T1309
Tactic: Adversary Opsec
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Similar Techniques by Tactic

Tactic: Establish & Maintain Infrastructure
Technique: Obfuscate infrastructure

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Difficult, but defender is well aware of technique and attempts to find discrepancies.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Adversary has a variety of solutions, ranging in difficulty, that can be employed (e.g., BGP hijacking, tunneling, reflection, multi-hop, etc.). Adversary can also use misattributable credentials to obtain servers, build environment, Amazon Web Services (AWS; https://aws.amazon.com) accounts, etc.

References

  1. Forward-Looking Threat Research Team. (2012). LUCKYCAT REDUX: Inside an APT Campaign with Multiple Targets in India and Japan. Retrieved March 1, 2017.