- Home
- Techniques
- PRE-ATT&CK
- Create backup infrastructure
Create backup infrastructure
Backup infrastructure allows an adversary to recover from environmental and system failures. It also facilitates recovery or movement to other infrastructure if the primary infrastructure is discovered or otherwise is no longer viable. [1]
Detection
Detectable by Common Defenses (Yes/No/Partial): No
Explanation: Infrastructure is (typically) outside of control/visibility of defender and as such as tools are staged for specific campaigns, it will not be obvious to those being attacked.
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: The adversary has control of the infrastructure and will likely be able to add/remove tools to infrastructure, whether acquired via hacking or standard computer acquisition (e.g., [https://aws.amazon.com AWS], commercial storage solutions).
References
- Forward-Looking Threat Research Team. (2012). LUCKYCAT REDUX: Inside an APT Campaign with Multiple Targets in India and Japan. Retrieved March 1, 2017.