Resource Development
Ahead of the actual attack, the adversary establishes resources to aid their operations against the primary targeted victim.
In the Resource Development phase, the adversary will acquire resources (such as credentials, infrastructure or payment details) that they will then be able to use in later stages against the primary target of the attack. This stage is "pre-attack" as it impacts third parties who are not the intended target - for instance the adversary may acquire or access a botnet which they then use to launch attacks against the primary victim