T1200 Hardware Additions Mappings

Adversaries may introduce computer accessories, computers, or networking hardware into a system or network that can be used as a vector to gain access. While public references of usage by APT groups are scarce, many penetration testers leverage hardware additions for initial access. Commercial and open source products are leveraged with capabilities such as passive network tapping (Citation: Ossmann Star Feb 2011), man-in-the middle encryption breaking (Citation: Aleks Weapons Nov 2015), keystroke injection (Citation: Hak5 RubberDuck Dec 2016), kernel memory reading via DMA (Citation: Frisk DMA August 2016), adding new wireless access to an existing network (Citation: McMillan Pwn March 2012), and others.



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
AC-20 Use of External Systems Protects T1200 Hardware Additions
AC-3 Access Enforcement Protects T1200 Hardware Additions
AC-6 Least Privilege Protects T1200 Hardware Additions
MP-7 Media Use Protects T1200 Hardware Additions
SC-41 Port and I/O Device Access Protects T1200 Hardware Additions
CVE-2019-3717 Dell Client Commercial and Consumer platforms exploitation_technique T1200 Hardware Additions
CVE-2019-9019 n/a uncategorized T1200 Hardware Additions
action.hacking.vector.Physical access Physical access or connection (i.e., at keyboard or via cable) related-to T1200 Hardware Additions