1. Home
  2. ATT&CK Techniques
  3. T1495 Firmware Corruption

T1495 Firmware Corruption Mappings

Adversaries may overwrite or corrupt the flash memory contents of system BIOS or other firmware in devices attached to a system in order to render them inoperable or unable to boot.(Citation: Symantec Chernobyl W95.CIH) Firmware is software that is loaded and executed from non-volatile memory on hardware devices in order to initialize and manage device functionality. These devices could include the motherboard, hard drive, or video cards.

View in MITRE ATT&CK®

NIST 800-53 Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
AC-2 Account Management Protects T1495 Firmware Corruption
AC-3 Access Enforcement Protects T1495 Firmware Corruption
AC-5 Separation of Duties Protects T1495 Firmware Corruption
AC-6 Least Privilege Protects T1495 Firmware Corruption
CA-8 Penetration Testing Protects T1495 Firmware Corruption
CM-3 Configuration Change Control Protects T1495 Firmware Corruption
CM-5 Access Restrictions for Change Protects T1495 Firmware Corruption
CM-6 Configuration Settings Protects T1495 Firmware Corruption
CM-8 System Component Inventory Protects T1495 Firmware Corruption
IA-2 Identification and Authentication (organizational Users) Protects T1495 Firmware Corruption
IA-7 Cryptographic Module Authentication Protects T1495 Firmware Corruption
RA-9 Criticality Analysis Protects T1495 Firmware Corruption
SA-10 Developer Configuration Management Protects T1495 Firmware Corruption
SA-11 Developer Testing and Evaluation Protects T1495 Firmware Corruption
SI-2 Flaw Remediation Protects T1495 Firmware Corruption
SI-7 Software, Firmware, and Information Integrity Protects T1495 Firmware Corruption

VERIS Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
action.malware.variety.Destroy data Destroy or corrupt stored data related-to T1495 Firmware Corruption