To define Resource Development, the Mitre Att&ck Matrix has defined seven techniques to cover the Resource Development techniques used in a Cyber Attack.
Acquire Infrastructure. The Acquire Infrastructure technique is when a threat actor obtains some infrastructure temporarily to launch their Cyber Attack. This technique can increase the difficulty of tracking down the threat actor.
Compromise Accounts is the technique where a threat actor compromises legitimate accounts intending to launch an attack. A Cyber Attack will be easier to pull off when the victims think they are dealing with a legitimate user.
Compromise Infrastructure is where a threat actor compromises a network to stage another attack against a different organization. Doing this is one method to get past security mechanisms as well. If an organization expects traffic from an organization, it will be easier for an attack to go undetected.
Develop Capabilities is the technique when the threat actor has a target in mind but lacks the tools to achieve their goals. Threat actors utilize this technique to develop their tools.
Establish Accounts can also be a form of persistence. But for resource development, threat actors would create an account on some Dark Web data dump site to have a place to store data gained from a future cyber attack.
Obtain Capabilities is the technique when the threat actor decides to purchase or obtain tools sold on the market. Ransomware as a service is one example of this technique. In this example, the ransomware malware can be rented from another threat actor and is customized to fit the purchasing threat actor at the cost of a percentage of the ransom payment.
Stage Capabilities is the technique when a threat actor sets up the infrastructure they intend to use to launch a cyber attack. These tools are obtained during the Obtain Capabilities or Develop capabilities techniques.
When examining a Cyber Attack, you will likely find two or more of these techniques apply to the Cyber Attack under investigation.