Stage Capabilities (T1608)

View on ATT&CK

In Playbook

Associated Tactics

  • Resource Development

Resource Development (TA0042)

The adversary is trying to establish resources they can use to support operations. Resource Development consists of techniques that involve adversaries creating, purchasing, or compromising/stealing resources that can be used to support targeting. Such resources include infrastructure, accounts, or capabilities. These resources can be leveraged by the adversary to aid in other phases of the adversary lifecycle, such as using purchased domains to support Command and Control, email accounts for phishing as a part of Initial Access, or stealing code signing certificates to help with Defense Evasion.

View on ATT&CK

Procedure Examples

Description Source(s)
Adair, S. and Lancaster, T. (2020, November 6). OceanLotus: Extending Cyber Espionage Operations Through Fake Websites. Retrieved November 20, 2020. Volexity Ocean Lotus November 2020
Ashwin Vamshi. (2019, January 24). Targeted Attacks Abusing Google Cloud Platform Open Redirection. Retrieved August 18, 2022. Netskope GCP Redirection
Ashwin Vamshi. (2020, August 12). A Big Catch: Cloud Phishing from Google App Engine and Azure App Service. Retrieved August 18, 2022. Netskope Cloud Phishing
Blasco, J. (2014, August 28). Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks. Retrieved October 19, 2020. ATT ScanBox
DigiCert. (n.d.). How to Install an SSL Certificate. Retrieved April 19, 2021. DigiCert Install SSL Cert
Gallagher, S.. (2015, August 5). Newly discovered Chinese hacking group hacked 100+ websites to use as “watering holes”. Retrieved January 25, 2016. Gallagher 2015
Jérôme Segura. (2019, December 4). There's an app for that: web skimmers found on PaaS Heroku. Retrieved August 18, 2022. Malwarebytes Heroku Skimmers
Kent Backman. (2021, May 18). When Intrusions Don’t Align: A New Water Watering Hole and Oldsmar. Retrieved August 18, 2022. Dragos Heroku Watering Hole
Kindlund, D. (2012, December 30). CFR Watering Hole Attack Details. Retrieved December 18, 2020. FireEye CFR Watering Hole 2012
Malwarebytes Threat Intelligence Team. (2020, October 14). Silent Librarian APT right on schedule for 20/21 academic year. Retrieved February 3, 2021. Malwarebytes Silent Librarian October 2020
Proofpoint Threat Insight Team. (2019, September 5). Threat Actor Profile: TA407, the Silent Librarian. Retrieved February 3, 2021. Proofpoint TA407 September 2019