Compromise 3rd party or closed-source vulnerability/exploit information

There is usually a delay between when a vulnerability or exploit is discovered and when it is made public. An adversary may target the systems of those known to research vulnerabilities in order to gain that knowledge for use during a different attack. [1]

ID: T1354

Tactic: Build Capabilities

Version: 1.0

Detection

Detectable by Common Defenses (Yes/No/Partial): No

Explanation: The compromise of unknown vulnerabilities would provide little attack and warning against a defender, rendering it highly challenging to detect.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Finding, attacking, and compromising a 3rd party or closed vulnerability entity is challenging, because those containing the vulnerabilities should be very aware of attacks on their environments have a heightened awareness.

References

  1. JAMES TEMPERTON. (2015, August 10). Hacking Team zero-day used in new Darkhotel attacks. Retrieved March 9, 2017.