Detailedlikelihood: Lowseverity: HighDraft

CAPEC-670Software Development Tools Maliciously Altered

Abstraction
Detailed
Status
Draft
Likelihood
Low
Severity
High

Description

An adversary with the ability to alter tools used in a development environment causes software to be developed with maliciously modified tools. Such tools include requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools. The adversary then carries out malicious acts once the software is deployed including malware infection of other systems to support further compromises.

MITRE ATT&CK crosswalk· 2

T1127: Trusted Developer Utilities Proxy ExecutionT1195.001: Supply Chain Compromise: Compromise Software Dependencies and Development Tools

Related attack patterns· 2

CAPEC-444 (ChildOf)CAPEC-669 (CanPrecede)

Related to2

TypeTargetConfidenceTier
TechniqueTrusted Developer Utilities Proxy Executiont1127100%live
SubTechniqueCompromise Software Dependencies and Development Toolst1195.001100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Development Alteration
CAPEC
Infiltration of Hardware Development Environment
CAPEC
Design Alteration
CAPEC
Documentation Alteration to Cause Errors in System Design
CAPEC
Software Integrity Attack
CAPEC
Infiltration of Software Development Environment
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.