Skip to content

T1584.003 Virtual Private Server

Adversaries may compromise third-party Virtual Private Servers (VPSs) that can be used during targeting. There exist a variety of cloud service providers that will sell virtual machines/containers as a service. Adversaries may compromise VPSs purchased by third-party entities. By compromising a VPS to use as infrastructure, adversaries can make it difficult to physically tie back operations to themselves.1

Compromising a VPS for use in later stages of the adversary lifecycle, such as Command and Control, can allow adversaries to benefit from the ubiquity and trust associated with higher reputation cloud service providers as well as that added by the compromised third-party.

Item Value
ID T1584.003
Sub-techniques T1584.001, T1584.002, T1584.003, T1584.004, T1584.005, T1584.006, T1584.007
Tactics TA0042
Platforms PRE
Version 1.1
Created 01 October 2020
Last Modified 17 October 2021

Procedure Examples

ID Name Description
G0010 Turla Turla has used the VPS infrastructure of compromised Iranian threat actors.1


ID Mitigation Description
M1056 Pre-compromise This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls.


ID Data Source Data Component
DS0035 Internet Scan Response Content