Compromise Infrastructure: Server (T1584.004)

Tactic: Resource Development · Platforms: PRE

The interactive view maps 1 detection strategy, 1 mitigation, 10 threat groups, 6 campaigns to this technique, alongside D3FEND countermeasures and data-component coverage.

Sub-technique of Compromise Infrastructure (T1584).

Overview

Adversaries may compromise third-party servers that can be used during targeting. Use of servers allows an adversary to stage, launch, and execute an operation. During post-compromise activity, adversaries may utilize servers for various tasks, including for Command and Control. Instead of purchasing a Server or Virtual Private Server, adversaries may compromise third-party servers in support of operations.

Adversaries may also compromise web servers to support watering hole operations, as in Drive-by Compromise, or email servers to support Phishing operations.

Explore