T1195.002 · SubTechnique · initial-access · agent-callable

T1195.002 Compromise Software Supply Chain

Sub-technique of T1195

Platforms: Linux · macOS · Windows

ATT&CK version: 14.1

What it is

Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version. Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims. (Citation: Avast CCleaner3 2018) (Citation: Command Five SK 2011)

ATT&CK tactics · 1

Initial Access

References

  1. https://attack.mitre.org/techniques/T1195/002
  2. https://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had-keylogger-capacities
  3. https://www.commandfive.com/papers/C5_APT_SKHack.pdf
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.