PREATTACK

Preattack is a term used in cybersecurity to describe the preparatory phase of an adversary’s operation, occurring before the first breach of a target network or system. It covers planning, information gathering, target selection, and the development of capabilities or infrastructure that enable later exploitation. The concept is often discussed in threat intelligence, risk assessment, and security operations as a way to understand how attackers prepare to attack. Some writers use “pre-attack” interchangeably with early-stage activities that precede infiltration.

Typical preattack activities include open-source intelligence collection about a target’s people, technologies, and networks; reconnaissance of

Framework references: MITRE Pre-ATT&CK documents pre-attack behaviors to help defenders model and mitigate threats before infiltration.

Defensive implications: identifying preattack indicators—such as unusual procurement patterns, new domain registrations linked to an organization,