- Home
- Techniques
- PRE-ATT&CK
- Acquire and/or use 3rd party software services
Acquire and/or use 3rd party software services
A wide variety of 3rd party software services are available (e.g., Twitter, Dropbox, GoogleDocs). Use of these solutions allow an adversary to stage, launch, and execute an attack from infrastructure that does not physically tie back to them and can be rapidly provisioned, modified, and shut down. [1]
Similar Techniques by Tactic
Tactic | Technique |
---|---|
Adversary Opsec | Acquire and/or use 3rd party software services |
Procedure Examples
Name | Description |
---|---|
APT1 |
APT1 used third party email services in the registration of whois records.[3] |
Night Dragon |
Night Dragon used third party hosting services in the U.S. in an attempt to hide their operations.[2] |
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Defender will not have visibility over account creation for 3rd party software services.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: 3rd party services like these listed are freely available.
References
- FireEye Threat Intelligence. (2015, December 1). China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets. Retrieved March 1, 2017.
- McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.