Obfuscate infrastructure

Obfuscation is hiding the day-to-day building and testing of new tools, chat servers, etc. [1]

ID: T1309

Tactic: Adversary Opsec

Version: 1.0

Similar Techniques by Tactic

Tactic | Technique
Establish & Maintain Infrastructure | Obfuscate infrastructure

Detection

Detectable by Common Defenses (Yes/No/Partial): Yes

Explanation: Difficult, but defenders are well aware of the technique and attempt to find discrepancies.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: The adversary has a variety of solutions, ranging in difficulty, that can be employed (e.g., BGP hijacking, tunneling, reflection, multi-hop, etc.). The adversary can also use misattributable credentials to obtain servers, build environment, Amazon Web Services (AWS, https://aws.amazon.com) accounts, etc.

References

  1. Forward-Looking Threat Research Team. (2012). LUCKYCAT REDUX: Inside an APT Campaign with Multiple Targets in India and Japan. Retrieved March 1, 2017.