Several months prior to a confirmed compromise, security telemetry at a semiconductor manufacturer in Phoenix, Arizona, showed systematic intelligence gathering focused on executive leadership, research engineers, and publicly exposed infrastructure.
Subsequent investigation determined that the adversary had assembled customized exploit frameworks, tested malware variants against commercial defensive products in isolated environments, and mapped externally accessible services associated with the organization.
These activities were part of a coordinated strategy developed well before any credential abuse or lateral movement was observed.
Determine the APT lifecycle stage represented by these actions.