CAPEC-533 Detail
Malicious Manual Software Update
Abstraction: Detailed
Domains: Social Engineering, Supply Chain, Software
Likelihood: Low
Typical Severity: High
Parents: CAPEC-186 (Malicious Software Update)
Threats: T62 T79 T257 T260 T262 T269 T270 T271 T272 T273 T287 T290 T301 T304 T306 T337 T391 T406
An attacker introduces malicious code onto the victim's system by altering the payload of a software update, allowing further compromise or disruption at the victim's site. These manual, or user-assisted, attacks range from requiring the user to download and run an executable to something as streamlined as tricking the user into clicking a URL. Attacks that aim to penetrate a specific network infrastructure often rely on secondary attack methods to achieve the desired impact. Spamming, for example, is a common secondary attack vector. The attacker therefore has a choice of initial delivery vectors, ranging from traditional SMTP/POP/IMAP spam and its variants to web-application mechanisms that commonly implement chat and rich HTML messaging within the user interface. The distinguishing point of this pattern is that the update is never verified against anything the vendor published: the user installs whatever arrived, which is the integrity gap CWE-494 describes.
References:

| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-533 | capec | https://capec.mitre.org/data/definitions/533.html | Malicious Manual Software Update |
| CWE-494 | cwe | http://cwe.mitre.org/data/definitions/494.html | Download of Code Without Integrity Check |
| REF-710 | reference_from_CAPEC | https://www.msn.com/en-us/news/technology/fake-microsoft-update-used-in-malicious-email-attack-campaign/ar-AALTcVs | Sean Endicott, "Fake Microsoft update used in malicious email attack campaign", Microsoft News, 2021-07 |
Prerequisites:

- Advanced knowledge of the download and update installation processes.
- Advanced knowledge of the deployed system and its various software subcomponents and processes.
Skills Required:

| Level | Description |
|---|---|
| High | Able to develop malicious code that can be used on the victim's system while maintaining normal functionality. |
Example Instances:

- An email campaign was initiated targeting victims of a ransomware attack. The email claimed to be a patch to address the ransomware attack, but was instead an attachment that caused the Cobalt Strike tools to be installed, which enabled further attacks.
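The description above lists the delivery vectors (an attachment the user runs, a URL the user clicks, delivered over mail or web messaging) and the example instance shows the lure in practice: a message that claims to be a patch and carries an executable. What a practitioner wants at this point is the check that defeats the pattern, which is the one CWE-494 names: never treat a file as an update until its bytes match a release digest the vendor published out of band. The script below is an added example, not MITRE's text or code and not from any vendor, that parses an e-mail, flags update-themed executable attachments, and only accepts one whose SHA-256 appears in a pinned manifest. The two attachment payloads, the trusted-digest manifest, the sender and recipient addresses and the message bodies are all constructed for the demonstration.

```python
"""Triage of an update-themed e-mail lure with a pinned-digest integrity check.

Added example (not MITRE's text or code). Everything here is constructed:
the two attachment payloads, the trusted-digest manifest, and the addresses.
"""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# Constructed stand-ins for a genuine vendor hotfix and a trojanised copy.
GENUINE_HOTFIX = b"MZ\x90\x00" + b"constructed-genuine-hotfix-1.2.3" * 4
TAMPERED_HOTFIX = b"MZ\x90\x00" + b"constructed-trojanised-hotfix-plus-stager" * 4

# Pinned digests of real releases. In production this list comes from the
# vendor's signed release metadata fetched out of band, never from the mail
# that delivers the file: CWE-494 is exactly "install what arrived, unchecked".
TRUSTED_UPDATE_DIGESTS = {
    hashlib.sha256(GENUINE_HOTFIX).hexdigest(): "example-agent-1.2.3-hotfix",
}

# Vocabulary of update/patch lures, and extensions that run on double-click
# (or wrap something that does).
LURE_WORDS = re.compile(r"\b(patch|hotfix|update|upgrade|ransomware|security fix)\b", re.I)
EXEC_SUFFIXES = (".exe", ".msi", ".scr", ".bat", ".cmd", ".ps1",
                 ".js", ".vbs", ".hta", ".lnk", ".iso", ".img")


def build_message(subject: str, body: str, filename: str, payload: bytes) -> bytes:
    """Assemble a constructed .eml so the triage can run offline."""
    msg = EmailMessage()
    msg["From"] = "it-support@vendor-example.invalid"   # hypothetical sender
    msg["To"] = "user@corp.example"                     # hypothetical recipient
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


def triage_update_mail(raw: bytes, trusted: dict = TRUSTED_UPDATE_DIGESTS) -> list:
    """One verdict per attachment: trusted-update, untrusted-update-lure, or ignore.

    The decision that matters is the digest comparison: an update is trusted
    only if its bytes match a pinned release, however convincing the message.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    body_part = msg.get_body(preferencelist=("plain",))
    body_text = body_part.get_content() if body_part is not None else ""
    update_themed = LURE_WORDS.search(f"{msg['Subject']} {body_text}") is not None

    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(payload).hexdigest()

        indicators = []
        if update_themed:
            indicators.append("update-themed subject/body")
        if name.lower().endswith(EXEC_SUFFIXES):
            indicators.append("executable attachment type")
        if payload.startswith(b"MZ"):
            indicators.append("PE header regardless of declared MIME type")

        if digest in trusted:
            verdict = "trusted-update"          # bytes match a pinned release
        elif indicators:
            verdict = "untrusted-update-lure"   # looks like an update, but unverified
        else:
            verdict = "ignore"

        verdicts.append({"filename": name, "sha256": digest, "release": trusted.get(digest),
                         "indicators": indicators, "verdict": verdict})
    return verdicts


if __name__ == "__main__":
    lure = build_message("URGENT: patch for the ransomware attack",
                         "Install the attached hotfix immediately to stop the ransomware.",
                         "hotfix.exe", TAMPERED_HOTFIX)
    for v in triage_update_mail(lure):
        print(v["verdict"], v["filename"], v["indicators"])
```

The heuristics (update vocabulary, executable extension, PE header) only decide whether a file deserves attention; they are easy to evade and a genuine hotfix trips all three. The digest comparison is the control: the trojanised copy is rejected because its bytes differ from the pinned release, not because the lure looked suspicious. Swapping the pinned-digest dictionary for verification of the vendor's detached signature over the file is the natural hardening step when the vendor publishes one.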