The Targeted Attack Lifecycle is Mandiant’s interpretation of the attack lifecycle. It summarizes the stages of a red team engagement and gives blue teamers insight into the areas they can defend. The stages of a targeted attack lifecycle are as follows:
- Initial reconnaissance: Investigate the target and develop a method of intrusion.
- Initial compromise: Exploit target(s).
- Establish foothold: Maintain access to and control of the exploited system through persistent backdoors.
- Escalate privileges: Obtain higher privileges by exploiting vulnerabilities and misconfigurations.
- Internal reconnaissance: Investigate the target’s internal systems.
- Move laterally: Compromise additional systems with the high-privilege account obtained earlier.
- Maintain presence: Maintain high-privilege access to domains and systems.
- Complete mission: Complete the mission objective.