CAPEC-537 Detail

Infiltration of Hardware Development Environment

Detailed | Supply Chain | Hardware | Likelihood: Low | Typical Severity: High

Parents: 444

Threats: T62 T68 T274 T393

Description

An adversary, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.

| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-537 | capec | https://capec.mitre.org/data/definitions/537.html | |
| T1195.003 | ATTACK | https://attack.mitre.org/wiki/Technique/T1195/003 | Supply Chain Compromise: Compromise Hardware Supply Chain |
| REF-439 | reference_from_CAPEC | http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf | John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation |
| REF-712 | reference_from_CAPEC | https://www.microsoft.com/security/blog/2020/02/03/guarding-against-supply-chain-attacks-part-2-hardware-risks/ | Cristin Goodwin, Joram Borenstein, Guarding against supply chain attacks—Part 2: Hardware risks, 2020-02-03, Microsoft |

  1. The victim must use email or removable media from systems running the IDE (or systems adjacent to the IDE systems).
  2. The victim must have a system running exploitable applications and/or a vulnerable configuration to allow for initial infiltration.
  3. The adversary must have working knowledge of some if not all of the components involved in the IDE system as well as the infrastructure.

High: Development skills to construct malicious attachments that can be used to exploit vulnerabilities in typical desktop applications or system configurations. The malicious attachments should be crafted well enough to bypass typical defensive systems (IDS, anti-virus, etc.).
Medium: Intelligence about the manufacturer's operating environment and infrastructure.

  1. The adversary, knowing the manufacturer runs email on a system adjacent to the hardware development systems used for hardware and/or firmware design, sends a phishing email with a malicious attachment to the manufacturer. When viewed, the malicious attachment installs a backdoor that allows the adversary to remotely compromise the adjacent hardware development system from the manufacturer's workstation. The adversary is then able to exfiltrate and alter sensitive data on the hardware system, allowing for future compromise once the developed system is deployed at the victim location.