An attacker uses common delivery mechanisms such as email attachments or removable media to infiltrate the IDE (Integrated Development Environment) of a victim manufacturer with the intent of implanting malware allowing for attack control of the victim IDE environment. The attack then uses this access to exfiltrate sensitive data or information, manipulate said data or information, and conceal these actions. This will allow and aid the attack to meet the goal of future compromise of a recipient of the victim's manufactured product further down in the supply chain.

Not present

Not present

1. The victim must use email or removable media from systems running the IDE (or systems adjacent to the IDE systems).
2. The victim must have a system running exploitable applications and/or a vulnerable configuration to allow for initial infiltration.
3. The attacker must have working knowledge of some if not all of the components involved in the IDE system as well as the infrastructure.

Not present

Not present

1. The attacker, knowing the victim runs email on a system adjacent to the IDE system, sends a phishing email with a malicious attachment to the victim. When viewed, the malicious attachment installs a backdoor that allows the attacker to remotely compromise the adjacent IDE system from the victim's workstation. The attacker is then able to exfiltrate sensitive data about the software being developed on the IDE system.
2. Using rogue versions of Xcode (Apple's app development tool) downloaded from third-party websites, it was possible for the adversary to insert malicious code into legitimate apps during the development process.