Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.
Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.(Citation: Avast CCleaner3 2018) (Citation: Command Five SK 2011)
View in MITRE ATT&CK®| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
|---|---|---|---|---|
| CA-2 | Control Assessments | Protects | T1195.002 | Compromise Software Supply Chain |
| CA-7 | Continuous Monitoring | Protects | T1195.002 | Compromise Software Supply Chain |
| CM-11 | User-installed Software | Protects | T1195.002 | Compromise Software Supply Chain |
| CM-7 | Least Functionality | Protects | T1195.002 | Compromise Software Supply Chain |
| RA-10 | Threat Hunting | Protects | T1195.002 | Compromise Software Supply Chain |
| RA-5 | Vulnerability Monitoring and Scanning | Protects | T1195.002 | Compromise Software Supply Chain |
| SA-22 | Unsupported System Components | Protects | T1195.002 | Compromise Software Supply Chain |
| SI-2 | Flaw Remediation | Protects | T1195.002 | Compromise Software Supply Chain |
| action.hacking.vector.Partner | Partner connection or credential | related-to | T1195.002 | Supply Chain Compromise: Compromise Software Supply Chain |