Preparation Phase
The pre-engagement phase of cyber operations performed by threat actors. It consists of the following stages:
Intel Gathering
The earliest stage of preparation is the collection stage. It consists of two major parts, mainly what data is available and what data can be collected via reconnaissance.
Research
Attacker research follows collection and feeds back to collection based on the gaps defined and connection made. For example, this is where the discovery that a victim uses Fortinet feeds back to criminal collection to find out more via tools but also what is available in the criminal marketplace.
In short, here is where criminals connect and correlate what they know and begin to start crafting the plan of attack.
Ops Planning
Armed with appropriate data, a plan to attack is constructed, the conception of attacking a victim firmed up and fortified with key data points.
Logistics
With a plan in hand, the assets, services, and resources are planned, resourced and acquired.
Assembly
Finally, everything is resourced and staged, put in place to begin the engagement.