Initial compromise refers to the first step taken by an attacker to gain unauthorized access to a system or network. It is the point at which the attacker successfully breaches the security defenses and gains a foothold within the targeted environment.
An example of an initial compromise could be a phishing attack. In this scenario, the attacker sends a convincing email to a target, pretending to be a legitimate entity such as a bank or a popular online service. The email may contain a link or an attachment that, when clicked or opened, installs malware on the victim's computer.
Once the malware is executed, it establishes a connection between the victim's computer and the attacker's command and control server. This connection allows the attacker to remotely control the compromised system and further exploit it to gain access to the target's network.
At this stage, the attacker has successfully achieved the initial compromise by tricking the victim into executing the malicious payload. They now have a foothold within the target's environment and can proceed with their malicious activities, such as stealing sensitive data, spreading malware, or launching further attacks.
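From the defender's side, the chain described above (a mail or document application launching a payload that then connects out to a remote server) can be looked for in endpoint telemetry. The following is an added example, not part of the original text: the event field names, the process lists, the five-minute window and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

LURE_PARENTS = {"outlook.exe", "winword.exe", "excel.exe"}                # assumed list
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "mshta.exe", "cmd.exe"}  # assumed list
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample telemetry; the schema is hypothetical, not a product format.
EVENTS = [
    {"ts": "2024-01-10T09:00:00", "host": "ws-17", "kind": "proc", "pid": 410, "image": "winword.exe", "parent": "outlook.exe", "ppid": 300},
    {"ts": "2024-01-10T09:00:05", "host": "ws-17", "kind": "proc", "pid": 522, "image": "powershell.exe", "parent": "winword.exe", "ppid": 410},
    {"ts": "2024-01-10T09:00:09", "host": "ws-17", "kind": "net", "pid": 522, "dst": "203.0.113.10", "dport": 443},
    {"ts": "2024-01-10T09:01:00", "host": "ws-17", "kind": "net", "pid": 410, "dst": "10.0.0.5", "dport": 445},
    {"ts": "2024-01-10T09:02:00", "host": "ws-22", "kind": "proc", "pid": 610, "image": "powershell.exe", "parent": "explorer.exe", "ppid": 200},
    {"ts": "2024-01-10T09:02:03", "host": "ws-22", "kind": "net", "pid": 610, "dst": "203.0.113.10", "dport": 443},
    {"ts": "2024-01-10T09:20:00", "host": "ws-17", "kind": "net", "pid": 522, "dst": "203.0.113.10", "dport": 443},
]

def is_external(addr):
    """True when the destination is outside the assumed internal ranges."""
    ip = ip_address(addr)
    return not any(ip in net for net in INTERNAL)

def detect(events):
    """Alert on lure application -> script host -> external connection chains."""
    tainted = {}  # (host, pid) -> (process chain, time the script host was spawned)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = (ev["host"], ev["pid"])
        if ev["kind"] == "proc":
            parent_key = (ev["host"], ev["ppid"])
            if ev["parent"] in LURE_PARENTS and ev["image"] in SCRIPT_HOSTS:
                tainted[key] = (f'{ev["parent"]} -> {ev["image"]}', ts)
            elif parent_key in tainted:  # descendants inherit the taint
                chain, start = tainted[parent_key]
                tainted[key] = (f'{chain} -> {ev["image"]}', start)
        elif ev["kind"] == "net" and key in tainted and is_external(ev["dst"]):
            chain, start = tainted[key]
            if ts - start <= WINDOW:  # only connections soon after the spawn
                alerts.append({"host": ev["host"], "chain": chain, "dst": ev["dst"], "ts": ev["ts"]})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The interactive PowerShell session on ws-22 and the later connection outside the window are deliberately not flagged, which shows how the parent process and timing separate this pattern from routine administration traffic.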