JUST RELEASED: ATT&CK for Industrial Control Systems
ENTERPRISE MOBILE PRE-ATT&CK
TECHNIQUES
Priority Definition Planning
Priority Definition Direction
Target Selection
Technical Information Gathering
People Information Gathering
Organizational Information Gathering
Technical Weakness Identification
People Weakness Identification
Organizational Weakness Identification
Adversary OPSEC
Establish & Maintain Infrastructure
Persona Development
Build Capabilities
Test Capabilities
Stage Capabilities
  1. Home
  2. Techniques
  3. PRE-ATT&CK
  4. Acquire and/or use 3rd party infrastructure services

Acquire and/or use 3rd party infrastructure services

A wide variety of cloud, virtual private services, hosting, compute, and storage solutions are available. Additionally botnets are available for rent or purchase. Use of these solutions allow an adversary to stage, launch, and execute an attack from infrastructure that does not physically tie back to them and can be rapidly provisioned, modified, and shut down. [1]

ID: T1329
Tactic: Establish & Maintain Infrastructure
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Similar Techniques by Tactic

Tactic Technique
Adversary Opsec Acquire and/or use 3rd party infrastructure services

Procedure Examples

Name Description
TEMP.Veles

TEMP.Veles has used Virtual Private Server (VPS) infrastructure.[2]

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Hard to differentiate from standard business operations.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Wide variety of cloud/VPS/hosting/compute/storage solutions available for adversary to acquire freely or at a low cost.

References

  1. Max Goncharov. (2015, July 15). Criminal Hideouts for Lease: Bulletproof Hosting Services. Retrieved March 6, 2017.
  1. Miller, S, et al. (2019, April 10). TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping. Retrieved April 16, 2019.