- Tactics
- Resource Development
- Platforms
- PRE
- Reference
- attack.mitre.org/techniques/T1584.004
Description
Adversaries may compromise third-party servers that can be used during targeting. Use of servers allows an adversary to stage, launch, and execute an operation. During post-compromise activity, adversaries may utilize servers for various tasks, including for Command and Control.(Citation: TrendMicro EarthLusca 2022) Instead of purchasing a Server or Virtual Private Server, adversaries may compromise third-party servers in support of operations.
Adversaries may also compromise web servers to support watering hole operations, as in Drive-by Compromise, or email servers to support Phishing operations.
How GTK Cyber trains on this
GTK Cyber's hands-on training programs cover detection engineering across the MITRE ATT&CK framework, including the Resource Development tactic this technique falls under. Our practitioner-led courses focus on building real detections, not just memorizing technique IDs.