T1584.003: Virtual Private Server

View on MITRE ATT&CK	T1584.003
Tactic(s)	Resource Development

Data from MITRE ATT&CK®:

Adversaries may compromise third-party Virtual Private Servers (VPSs) that can be used during targeting. There exist a variety of cloud service providers that will sell virtual machines/containers as a service. Adversaries may compromise VPSs purchased by third-party entities. By compromising a VPS to use as infrastructure, adversaries can make it difficult to physically tie back operations to themselves.(Citation: NSA NCSC Turla OilRig)

Compromising a VPS for use in later stages of the adversary lifecycle, such as Command and Control, can allow adversaries to benefit from the ubiquity and trust associated with higher reputation cloud service providers as well as that added by the compromised third-party.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Mitigations for this technique

MITRE ATT&CK Mitigations

Pre-compromise

This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.

How to detect this technique

MITRE ATT&CK Data Components

Response Metadata (Internet Scan)

Contextual data about an Internet-facing resource gathered from a scan, such as running services or ports

Response Content (Internet Scan)

Logged network traffic in response to a scan showing both protocol header and body values