Skip to main content
MuonPartners
Services
Architecture

Solution design and technology roadmapping

Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security

Security assessments, IAM, and compliance

AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform

Network architecture and cloud platforms

Network DesignCloud StrategyModernisation
Enterprise Architecture

Business-technology alignment

Business AlignmentPortfolio AnalysisGovernance
View all services
ProjectsCase StudiesInsightsToolsAbout
Contact Us

Services

Architecture
Solution AssessmentTechnology RoadmapsIntegration DesignSolution ArchitectureTechnical Design
Cyber Security
AssessmentsIAMComplianceSecurity BaselineCyber Innovation
Network and Platform
Network DesignCloud StrategyModernisation
Enterprise Architecture
Business AlignmentPortfolio AnalysisGovernance
ProjectsCase StudiesInsightsToolsAboutContact
Get in Touch
MuonPartners

Strategic technology consulting for Australian organisations navigating complexity.

Services

  • Architecture
  • Cyber Security
  • Network and Platform
  • Enterprise Architecture

Company

  • About
  • Products
  • Frameworks
  • Cross-Framework Mapping
  • Projects
  • Case Studies
  • Insights
  • Contact

Contact

  • [email protected]
  • Australia
  • LinkedIn

© 2026 Muon Partners. All rights reserved.

ABN 50 669 022 315 · A Muon Group company.

Privacy PolicyTerms of Service
  1. Frameworks
  2. >ATTACK
  3. >Resource Development
  4. >ATTACK-T1584.008
ATTACK-T1584.008Active

Network Devices

Statement

Adversaries may compromise third-party network devices that can be used during targeting. Network devices, such as small office/home office (SOHO) routers, may be compromised where the adversary's ultimate goal is not Initial Access to that environment, but rather to leverage these devices to support additional targeting.

Once an adversary has control, compromised network devices can be used to launch additional operations, such as hosting payloads for Phishing campaigns (i.e., Link Target) or enabling the required access to execute Content Injection operations. Adversaries may also be able to harvest reusable credentials (i.e., Valid Accounts) from compromised network devices.

Adversaries often target Internet-facing edge devices and related network appliances that specifically do not support robust host-based defenses.(Citation: Mandiant Fortinet Zero Day)(Citation: Wired Russia Cyberwar)

Compromised network devices may be used to support subsequent Command and Control activity, such as Hide Infrastructure through an established Proxy and/or Botnet network.(Citation: Justice GRU 2024)

Location

Tactic
Resource Development

Technique Details

Identifier
ATTACK-T1584.008
Parent Technique
ATTACK-T1584
ATT&CK Page
View on MITRE

Tactics

Resource Development

Platforms

PRE

Detection

Detection of Network Devices

Mitigations

Pre-compromise: Pre-compromise mitigations involve proactive measures and defenses implemented to prevent adversaries from successfully identifying and exploiting weaknesses during the Reconnaissance and Resource Development phases of an attack. These activities focus on reducing an organization's attack surface, identify adversarial preparation efforts, and increase the difficulty for attackers to conduct successful operations. This mitigation can be implemented through the following measures:

Limit Information Exposure:

  • Regularly audit and sanitize publicly available data, including job posts, websites, and social media.
  • Use tools like OSINT monitoring platforms (e.g., SpiderFoot, Recon-ng) to identify leaked information.

Protect Domain and DNS Infrastructure:

  • Enable DNSSEC and use WHOIS privacy protection.
  • Monitor for domain hijacking or lookalike domains using services like RiskIQ or DomainTools.

External Monitoring:

  • Use tools like Shodan, Censys to monitor your external attack surface.
  • Deploy external vulnerability scanners to proactively address weaknesses.

Threat Intelligence:

  • Leverage platforms like MISP, Recorded Future, or Anomali to track adversarial infrastructure, tools, and activity.

Content and Email Protections:

  • Use email security solutions like Proofpoint, Microsoft Defender for Office 365, or Mimecast.
  • Enforce SPF/DKIM/DMARC policies to protect against email spoofing.

Training and Awareness:

  • Educate employees on identifying phishing attempts, securing their social media, and avoiding information leaks.

No cross-framework mappings available

← Back to Resource Development
Resource Development47 controls
ATTACK-T1583Acquire InfrastructureATTACK-T1583.001DomainsATTACK-T1583.002DNS ServerATTACK-T1583.003Virtual Private ServerATTACK-T1583.004ServerATTACK-T1583.005BotnetATTACK-T1583.006Web ServicesATTACK-T1583.007ServerlessATTACK-T1583.008MalvertisingATTACK-T1584Compromise InfrastructureATTACK-T1584.001DomainsATTACK-T1584.002DNS ServerATTACK-T1584.003Virtual Private ServerATTACK-T1584.004ServerATTACK-T1584.005BotnetATTACK-T1584.006Web ServicesATTACK-T1584.007ServerlessATTACK-T1584.008Network DevicesATTACK-T1585Establish AccountsATTACK-T1585.001Social Media AccountsATTACK-T1585.002Email AccountsATTACK-T1585.003Cloud AccountsATTACK-T1586Compromise AccountsATTACK-T1586.001Social Media AccountsATTACK-T1586.002Email AccountsATTACK-T1586.003Cloud AccountsATTACK-T1587Develop CapabilitiesATTACK-T1587.001MalwareATTACK-T1587.002Code Signing CertificatesATTACK-T1587.003Digital CertificatesATTACK-T1587.004ExploitsATTACK-T1588Obtain CapabilitiesATTACK-T1588.001MalwareATTACK-T1588.002ToolATTACK-T1588.003Code Signing CertificatesATTACK-T1588.004Digital CertificatesATTACK-T1588.005ExploitsATTACK-T1588.006VulnerabilitiesATTACK-T1588.007Artificial IntelligenceATTACK-T1608Stage CapabilitiesATTACK-T1608.001Upload MalwareATTACK-T1608.002Upload ToolATTACK-T1608.003Install Digital CertificateATTACK-T1608.004Drive-by TargetATTACK-T1608.005Link TargetATTACK-T1608.006SEO PoisoningATTACK-T1650Acquire Access