Acquire and/or use 3rd party infrastructure services

A wide variety of cloud, virtual private services, hosting, compute, and storage solutions are available. Additionally botnets are available for rent or purchase. Use of these solutions allow an adversary to stage, launch, and execute an attack from infrastructure that does not physically tie back to them and can be rapidly provisioned, modified, and shut down. [1]

ID: T1329
Sub-techniques:  No sub-techniques
Tactic: Establish & Maintain Infrastructure
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Similar Techniques by Tactic

Tactic Technique
Adversary Opsec Acquire and/or use 3rd party infrastructure services

Procedure Examples

Name Description

TEMP.Veles has used Virtual Private Server (VPS) infrastructure.[2]


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Hard to differentiate from standard business operations.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Wide variety of cloud/VPS/hosting/compute/storage solutions available for adversary to acquire freely or at a low cost.


  1. Max Goncharov. (2015, July 15). Criminal Hideouts for Lease: Bulletproof Hosting Services. Retrieved March 6, 2017.