TECHNIQUES
- Home
- Techniques
- PRE-ATT&CK
- Compromise 3rd party infrastructure to support delivery
Compromise 3rd party infrastructure to support delivery
Instead of buying, leasing, or renting infrastructure an adversary may compromise infrastructure and use it for some or all of the attack cycle. [1] [2]
ID: T1334
Sub-techniques:
No sub-techniques
Tactic:
Establish & Maintain Infrastructure
Version: 1.0
Created: 14 December 2017
Last Modified: 26 October 2018
Similar Techniques by Tactic
Tactic | Technique |
---|---|
Adversary Opsec | Compromise 3rd party infrastructure to support delivery |
Procedure Examples
Name | Description |
---|---|
APT16 |
APT16 has compromised otherwise legitimate sites as staging servers for second-stage payloads.[3] |
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Defender will not have visibility on 3rd party sites unless target is successfully enticed to visit one.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Commonly used technique currently (e.g., [https://www.wordpress.com WordPress] sites) as precursor activity to launching attack against intended target (e.g., acquiring botnet or layers of proxies for reducing attribution possibilities).
References
- Pierluigi Paganini. (2014, February 15). FireEye discovered a new watering hole attack based on 0-day exploit. Retrieved March 1, 2017.
- Darien Kindlund, Xiaobo Chen, Mike Scott, Ned Moran, Dan Caselden. (2014, February 13). Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website. Retrieved March 28, 2017.
×