Identify resources required to build capabilities

As with legitimate development efforts, different skill sets may be required for different phases of an attack. The skills needed may be located in house, can be developed, or may need to be contracted out. [1]

ID: T1348
Sub-techniques:  No sub-techniques
Tactic: Build Capabilities
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Recruitment is, by its nature, either clandestine or off the record.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: Like target organizations, adversary organizations are competing to identify and hire top technical talent. Training less technical staff is also a viable option.


  1. Mandiant. (n.d.). APT1: Exposing One of China’s Cyber Espionage Units. Retrieved March 5, 2017.