Obtain Capabilities

Info

ID: AT-RD003
Tactic: Resource Development
Sub-techniques: Acquisition of Stolen Keys & Credentials, Exploits, Malware, Tool, Vulnerabilities
Platforms: PRE

Adversaries may acquire precompiled exploits, stolen credentials, or specialized intrusion kits through online criminal forums, private marketplaces, or direct partnerships with other threat groups. These resources can include zero-days discovered by third parties, leaked private keys, or advanced frameworks that enable multi-stage attacks. By importing established capabilities, adversaries reduce their development time and can focus on customizing the final intrusion chain.

Even commodity malware or widely known vulnerabilities can be effective when combined with strong reconnaissance data or unpatched systems. Once obtained, these tools are typically integrated into the attacker's broader strategy: for instance, a purchased exploit might open the initial foothold, while stolen cryptographic keys can facilitate lateral movement. If an organization relies on well-known cloud services or frameworks, obtaining a relevant exploit kit can prove decisive in achieving sustained compromise.