Compromise Infrastructure (T1584)

View on ATT&CK

In Playbook

Associated Tactics

  • Resource Development

Resource Development (TA0042)

The adversary is trying to establish resources they can use to support operations. Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Control, email accounts for phishing as a part of Initial Access, or stealing code signing certificates to help with Defense Evasion.

View on ATT&CK

Procedure Examples

Description Source(s)
Amnesty International Security Lab. (2021, July 18). Forensic Methodology Report: How to catch NSO Group’s Pegasus. Retrieved February 22, 2022. amnesty_nso_pegasus
Crystal Morin. (2023, April 4). Proxyjacking has Entered the Chat. Retrieved July 6, 2023. Sysdig Proxyjacking
Hirani, M., Jones, S., Read, B. (2019, January 10). Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. Retrieved October 9, 2020. FireEye DNS Hijack 2019
ICANN Security and Stability Advisory Committee. (2005, July 12). Domain Name Hijacking: Incidents, Threats, Risks and Remediation. Retrieved March 6, 2017. ICANNDomainNameHijacking
Koczwara, M. (2021, September 7). Hunting Cobalt Strike C2 with Shodan. Retrieved October 12, 2021. Koczwara Beacon Hunting Sep 2021
Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016. Mandiant APT1
Mercer, W., Rascagneres, P. (2018, November 27). DNSpionage Campaign Targets Middle East. Retrieved October 9, 2020. Talos DNSpionage Nov 2018
NSA/NCSC. (2019, October 21). Cybersecurity Advisory: Turla Group Exploits Iranian APT To Expand Coverage Of Victims. Retrieved October 16, 2020. NSA NCSC Turla OilRig
Stephens, A. (2020, July 13). SCANdalous! (External Detection Using Network Scan Data and Automation). Retrieved October 12, 2021. Mandiant SCANdalous Jul 2020
ThreatConnect. (2020, December 15). Infrastructure Research and Hunting: Boiling the Domain Ocean. Retrieved October 12, 2021. ThreatConnect Infrastructure Dec 2020
Winters, R. (2015, December 20). The EPS Awakens - Part 2. Retrieved January 22, 2016. FireEye EPS Awakens Part 2