Adversaries may manipulate hardware components in products prior to receipt by a final consumer for the purpose of data or system compromise. By modifying hardware or firmware in the supply chain, adversaries can insert a backdoor into consumer networks that may be difficult to detect and give the adversary a high degree of control over the system. Hardware backdoors may be inserted into various devices, such as servers, workstations, network infrastructure, or peripherals.
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| DE.CM-09.02 | Hardware integrity checking | Mitigates | T1195.003 | Compromise Hardware Supply Chain |
Comments
This diagnostic statement provides protection from Compromise Hardware Supply Chain through the implementation of integrity checking mechanisms. For example, integrity checking mechanisms to verify the operating system, software, firmware, and information integrity before loading it prevents abuse by a threat actor.
References
|
| EX.MM-01.01 | Third-party monitoring and management resources | Mitigates | T1195.003 | Compromise Hardware Supply Chain |
Comments
This diagnostic statement protects against Supply Chain Compromise through the implementation of procedures for management of third party products.
References
|