This strategy may be the only option in a resource-constrained or contested environment or during an integrated deterrence mission.
What is single source?
This malicious software allows attackers remote control over a compromised system, enabling data theft, surveillance, and further exploitation.
What are RATs?
This phase of the cycle involves identifying intelligence gaps and targets and producing and/or submitting collection requirements.
What is a Request?
During this phase of the attack, adversaries expand control over the network using stolen credentials and token theft in order to gain domain admin privileges.
What is privilege escalation & lateral movement?
During this step, collection requests flow through the collection management process; the staffs communicate with HHQ to ensure they are accurately prioritized, since some collection plans are complex and may require one collection to satisfy another.
What is Communicate?
This concept is used when the probability of mission success using one asset, with a certain capability, is low.
What is redundancy?
This is a targeted attack wherein adversaries compromise websites frequently visited by their victims in order to inject malware aimed at specific organizations.
What is a watering hole attack?
This phase involves reporting or distributing relevant information to commanders, staffs, and other consumers.
What is dissemination?
What is establishing persistence?
In this step, after tracking collection requirements, the supported unit staffs and asset mission planners reach out to each other to perform more robust pre-mission coordination, allowing for adjustments to the collection activity prior to execution of the ISR mission.
What is refine?
This concept involves mixing different collection capabilities, with different requirements by overlapping, in time, within a defined geographic area. This achieves synergies in satisfying collection requirements.
What is layering?
When this protocol is poorly configured, it gives APT groups opportunities to exploit weaknesses and gain initial access to systems without being in the same area.
What is RDP?
In this phase, data is converted into a suitable format and transformed into information that can be readily used.
What is Exploit?
During this phase of the APT attack, adversaries attempt to gather intelligence about their targets before launching their offensive, often through OSINT avenues such as LinkedIn, company websites, or social media.
What is reconnaissance & target selection?
In this step, supporting units, which take direction from the supported unit, reach out for the current operations status and provide input on current capabilities and limitations.
What is direct?
These collection techniques leverage numerous collection assets and capabilities against a known target set. They are usually conducted over a multi-day time period. The intent is to maximize the information collected over a specific period.
What is ISR soak/massing?
This cyberattack method uses stolen usernames and passwords (typically from breaches) to automatically test against various websites to gain access.
What is credential stuffing?
In this phase, requests are evaluated and triaged against one another.
What is prioritization?
During this phase of the attack, adversaries may disable security logs, delete forensic evidence, or manipulate time stamps to obfuscate their presence.
What is covering tracks & maintaining access?
During this step, the supported unit staffs fuse the collected information back into the planning cycle, which maximizes the impact of the entire process.
What is integrate?
This concept is an exchange of data between collection sensors or assets that drives additional collection from other sensors or assets on the same target, leading to higher-confidence reporting than a single asset can provide. There are two types: internal and external.
What is cross-cueing?
This malware enables nonstandard, covert, remote access in order to steal data and maintain persistent control over the compromised system.
What is a keyplug backdoor?
In this phase, the Collection Operations Management (COM) authority tasks assets according to collection requirements.
What is task?
During this phase of the APT attack, adversaries often compress the desired data before sending it to external servers using channels such as Dropbox, Google Drive, or GitHub.
What is data exfiltration & mission execution?
This step is after collection, when the supported unit staffs and PED units collaborate, ensuring the initial requirement has not changed and the requested ISR product will satisfy the requirement.
What is coordinate?