Resource Development

Goal

📌 The attacker gathers intelligence about the target to plan future attacks.

Techniques:

🛠 Acquire Access | 📝 Establish Accounts | 🔑 Compromise Accounts | 🏢 Acquire Infrastructure | 🏗 Compromise Infrastructure | 💡 Develop Capabilities | 🎯 Obtain Capabilities | 📦 Stage Capabilities

Acquire Access

Acquisition of Access to Systems and Networks

  • Purchasing access to already compromised systems (e.g., backdoors, remote services)

  • Buying or developing infrastructure, accounts, and malware

Mitigations

🛡 Pre-compromise: Actions are performed outside the scope of cybersecurity defense measures and therefore cannot be mitigated.

Detection

๐Ÿ” Detection: Activities occur outside the scope of cybersecurity defenses, making them difficult to detect using defensive techniques.

Establish Accounts

  • Creating social media, email, and cloud accounts for phishing attacks

  • Setting up accounts on platforms such as Facebook, LinkedIn, X, Google, GitHub, Docker Hub, etc., and configuring profiles, photos, and other details to appear legitimate

Compromise Accounts

  • Rather than creating new accounts (Establish Accounts), stealing existing accounts of the target through phishing, purchases, brute-force attacks, or insider threats

  • Compromised social media accounts make the Establish Accounts process appear more legitimate

  • Compromised email accounts add credibility to phishing and improve the effectiveness of phishing attacks

Acquire Infrastructure

  • Securing various types of infrastructure for future cyber attacks

  • Acquiring domains, DNS servers, virtual private servers (VPS), insiders, botnets, web services, serverless cloud environments, and malicious advertisements (Malvertising, 2023.02)
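Domain acquisition is the one item in this list a defender can watch for directly: newly registered domains that imitate a protected brand are visible before any phishing mail arrives. The following is an added example, not part of the original page or of MITRE ATT&CK, showing a lookalike-domain triage check over a constructed feed of newly observed domains. The brand names, the allowlist of legitimate domains and the homoglyph substitution map are all assumptions chosen for the example.

```python
"""Triage newly observed domain registrations for lookalikes of protected brands."""
from difflib import SequenceMatcher

# Constructed sample values: brands to protect and the domains they legitimately own.
PROTECTED_BRANDS = ["examplecorp", "examplebank"]
OWN_DOMAINS = {"examplecorp.com", "examplebank.com"}

# Assumed, non-exhaustive map of substitutions used to build lookalike labels;
# applied only to normalise candidate labels before comparison.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
              "rn": "m", "vv": "w", "cl": "d"}


def registrable_label(domain):
    """Second-level label of a domain (naive: assumes a single-label public suffix)."""
    labels = domain.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def normalise(label):
    """Strip hyphens and undo common homoglyph substitutions."""
    label = label.replace("-", "")
    for src, dst in HOMOGLYPHS.items():
        label = label.replace(src, dst)
    return label


def classify(domain, brands=PROTECTED_BRANDS, allowlist=OWN_DOMAINS, threshold=0.85):
    """Return (category, closest_brand, similarity) for one observed domain.

    Categories: 'own' (on the allowlist), 'lookalike' (normalised label equals a
    brand or is within `threshold` of it), 'contains_brand' (brand embedded in a
    longer label, e.g. a fake login host), 'unrelated'.
    """
    domain = domain.lower().strip(".")
    if domain in allowlist:
        return ("own", None, 1.0)
    norm = normalise(registrable_label(domain))
    best_brand, best_score = None, 0.0
    for brand in brands:
        if norm == brand:
            return ("lookalike", brand, 1.0)
        if brand in norm:
            return ("contains_brand", brand, 1.0)
        score = SequenceMatcher(None, norm, brand).ratio()
        if score > best_score:
            best_brand, best_score = brand, score
    category = "lookalike" if best_score >= threshold else "unrelated"
    return (category, best_brand, round(best_score, 2))


def triage(feed):
    """Classify every domain in a feed and return only those worth an analyst's time."""
    results = [(d,) + classify(d) for d in feed]
    return [r for r in results if r[1] in ("lookalike", "contains_brand")]


if __name__ == "__main__":
    # Constructed sample feed standing in for a newly-registered-domains source.
    sample_feed = [
        "examplecorp.com",            # our own domain
        "examp1ecorp.com",            # digit-for-letter substitution
        "exarnplecorp-login.com",     # 'rn' for 'm' plus a login-themed suffix
        "examplebnak.com",            # transposition
        "weatherreport.net",          # unrelated registration
    ]
    for domain, category, brand, score in triage(sample_feed):
        print(f"{domain:28} {category:15} brand={brand} similarity={score}")
```

The allowlist is checked before any similarity scoring so that a brand's own domains never trip the rule, and any label that normalises to exactly a brand name but is not on the allowlist is flagged at full score, which is the usual pattern for a typosquat on a different TLD. Thresholds and the homoglyph map need tuning against real registration data; a similarity score is a triage signal, not proof of malicious intent.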

Compromise Infrastructure

  • Hijacking various types of infrastructure for future cyber attacks

  • Depending on the infrastructure compromised, attackers can conceal their activities behind it and borrow the credibility of the hijacked infrastructure

Develop Capabilities

  • Developing exploitation tools, malware, and certificates for use in cyber attacks

Obtain Capabilities

  • Acquiring, purchasing, or stealing exploitation tools, malware, and certificates for use in cyber attacks

Stage Capabilities

  • Uploading, installing, and configuring attack tools on the attacker's infrastructure

  • Infrastructure may include both acquired and compromised infrastructure
