Dark Mode

Settings

Capec-520 Detail

Counterfeit Hardware Component Inserted During Product Assembly

Detailed Supply Chain Likelihood: Low Typical Severity: High

Parents: 444

Threats: T62 T68 T274 T393

Description

An adversary with either direct access to the product assembly process or to the supply of subcomponents used in the product assembly process introduces counterfeit hardware components into product assembly. The assembly containing the counterfeit components results in a system specifically designed for malicious purposes.

Not present

External ID Source Link Description
CAPEC-520 capec https://capec.mitre.org/data/definitions/520.html
T1195.003 ATTACK https://attack.mitre.org/wiki/Technique/T1195/003 Supply Chain Compromise: Compromise Hardware Supply Chain
REF-439 reference_from_CAPEC http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation
REF-712 reference_from_CAPEC https://www.microsoft.com/security/blog/2020/02/03/guarding-against-supply-chain-attacks-part-2-hardware-risks/ Cristin Goodwin, Joram Borenstein, Guarding against supply chain attacks—Part 2: Hardware risks, 2020--02---03, Microsoft
REF-713 reference_from_CAPEC https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies Jordan Robertson, Michael Riley, The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies, 2018--10---04, Bloomberg

Not present

  1. The adversary will need either physical access or be able to supply malicious hardware components to the product development facility.

Not present

High
Resources to physically infiltrate manufacturer or manufacturer's supplier.

Not present

  1. A manufacturer of a firewall system requires a hardware card which functions as a multi-jack ethernet card with four ethernet ports. The adversary constructs a counterfeit card that functions normally except that packets from the adversary's network are allowed to bypass firewall processing completely. Once deployed at a victim location, this allows the adversary to bypass the firewall unrestricted.
  2. In 2018 it was discovered that Chinese spies infiltrated several U.S. government agencies and corporations as far back as 2015 by including a malicious microchip within the motherboard of servers sold by Elemental Technologies to the victims. Although these servers were assembled via a U.S. based company, the motherboards used within the servers were manufactured and maliciously altered via a Chinese subcontractor. Elemental Technologies then sold these malicious servers to various U.S. government agencies, such as the DoD and CIA, and corporations like Amazon and Apple. The malicious microchip provided adversaries with a backdoor into the system, which further allowed them to access any network that contained the exploited systems, to exfiltrate data to be sent to the Chinese government.[REF-713]

We use cookies to ensure you get the best experience on our website.