T1542.002SubTechniquepersistencedefense-evasionagent-callable

T1542.002Component Firmware

Sub-technique of T1542

Platforms: Windows · Linux · macOS

ATT&CK version: 14.1

What it is

Adversaries may modify component firmware to persist on systems. Some adversaries may employ sophisticated means to compromise computer components and install malicious firmware that will execute adversary code outside of the operating system and main system firmware or BIOS. This technique may be similar to [System Firmware](https://attack.mitre.org/techniques/T1542/001) but conducted upon other system components/devices that may not have the same capability or level of integrity checking. Malicious component firmware could provide both a persistent level of access to systems despite potential typical failures to maintain access and hard disk re-images, as well as a way to evade host software-based defenses and integrity checks.

ATT&CK tactics· 2

PersistenceDefense Evasion

References

  1. https://attack.mitre.org/techniques/T1542/002
  2. https://www.smartmontools.org/
  3. https://www.itworld.com/article/2853992/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html
Sourced from MITRE ATT&CK Enterprise v14.1. Curated and contextualized for EU compliance use cases by Adam Lundqvist, Founder at SQUR.