MITRE ATT&CK  /  T1584.004

T1584.004

Server

Description

Adversaries may compromise third-party servers that can be used during targeting. Use of servers allows an adversary to stage, launch, and execute an operation. During post-compromise activity, adversaries may utilize servers for various tasks, including for Command and Control.(Citation: TrendMicro EarthLusca 2022) Instead of purchasing a [Server](https://attack.mitre.org/techniques/T1583/004) or [Virtual Private Server](https://attack.mitre.org/techniques/T1583/003), adversaries may compromise third-party servers in support of operations.Adversaries may also compromise web servers to support watering hole operations, as in [Drive-by Compromise](https://attack.mitre.org/techniques/T1189), or email servers to support [Phishing](https://attack.mitre.org/techniques/T1566) operations.

Platforms

Mitigations

• M1056 — Pre-compromise

Our coverage

• Screening Serpens: Iranian APT Fuses AppDomainManager Hijacking with New RATs in 2026 Espionage Campaign
• CVE-2026-9082: Critical Drupal SQL Injection Under Attack on Thousands of Sites
• Kali365 PhaaS Kit Bypasses Microsoft 365 MFA via Device Code Phishing — FBI Warning
• Megalodon: Supply Chain Attack Backdoors 5,561 GitHub Repos in Six Hours via CI/CD Workflow Injection
• Stack String Obfuscation in C: The Technique That Blinds AV, YARA, and Static Scanners

Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →