T1542.002 Component Firmware Mappings

Adversaries may modify component firmware to persist on systems. Some adversaries may employ sophisticated means to compromise computer components and install malicious firmware that will execute adversary code outside of the operating system and main system firmware or BIOS. This technique may be similar to System Firmware but conducted upon other system components/devices that may not have the same capability or level of integrity checking.

Malicious component firmware could provide both a persistent level of access to systems despite potential typical failures to maintain access and hard disk re-images, as well as a way to evade host software-based defenses and integrity checks.



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
action.malware.variety.Rootkit Rootkit (maintain local privileges and stealth) related-to T1542.002 Pre-OS Boot: Component Firmware