Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.
Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims. (Citation: Avast CCleaner3 2018) (Citation: Command Five SK 2011)

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CA-2 | Control Assessments | Protects | T1195.002 | Compromise Software Supply Chain | |
| CA-7 | Continuous Monitoring | Protects | T1195.002 | Compromise Software Supply Chain | |
| CM-11 | User-installed Software | Protects | T1195.002 | Compromise Software Supply Chain | |
| CM-7 | Least Functionality | Protects | T1195.002 | Compromise Software Supply Chain | |
| RA-10 | Threat Hunting | Protects | T1195.002 | Compromise Software Supply Chain | |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1195.002 | Compromise Software Supply Chain | |
| SA-22 | Unsupported System Components | Protects | T1195.002 | Compromise Software Supply Chain | |
| SI-2 | Flaw Remediation | Protects | T1195.002 | Compromise Software Supply Chain | |

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| azure_automation_update_management | Azure Automation Update Management | technique_scores | T1195.002 | Compromise Software Supply Chain | Comments: This control provides coverage of some aspects of software supply chain compromise since it enables automated updates of software and rapid configuration change management. |