Detailedlikelihood: Lowseverity: HighDraft

CAPEC-511Infiltration of Software Development Environment

Abstraction
Detailed
Status
Draft
Likelihood
Low
Severity
High

Description

An attacker uses common delivery mechanisms such as email attachments or removable media to infiltrate the IDE (Integrated Development Environment) of a victim manufacturer with the intent of implanting malware allowing for attack control of the victim IDE environment. The attack then uses this access to exfiltrate sensitive data or information, manipulate said data or information, and conceal these actions. This will allow and aid the attack to meet the goal of future compromise of a recipient of the victim's manufactured product further down in the supply chain.

MITRE ATT&CK crosswalk· 1

T1195.001: Supply Chain Compromise: Compromise Software Dependencies and Development Tools

Related attack patterns· 1

CAPEC-444 (ChildOf)

Related to1

TypeTargetConfidenceTier
SubTechniqueCompromise Software Dependencies and Development Toolst1195.001100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Infiltration of Hardware Development Environment
CAPEC
Malicious Software Implanted
CAPEC
Infected Software
CAPEC
Software Development Tools Maliciously Altered
CAPEC
Code Injection
CAPEC
File Content Injection
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.