
CAPEC-538 Detail

Open-Source Library Manipulation

Abstraction: Detailed
Domain: Software
Likelihood of Attack: Low
Typical Severity: High

Parents: 444

Threats: T62 T68 T274 T393

Description

Adversaries implant malicious code in open source software (OSS) libraries to have it widely distributed, as OSS is commonly downloaded by developers and other users to incorporate into software development projects. The adversary can have a particular system in mind to target, or the implantation can be the first stage of follow-on attacks on many systems.


External ID Source Link Description
CAPEC-538 capec https://capec.mitre.org/data/definitions/538.html
CWE-494 cwe http://cwe.mitre.org/data/definitions/494.html
CWE-829 cwe http://cwe.mitre.org/data/definitions/829.html
T1195.001 ATTACK https://attack.mitre.org/wiki/Technique/T1195/001 Supply Chain Compromise: Software Dependencies and Development Tools
REF-439 reference_from_CAPEC http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation
Explore
  1. Determine the relevant open-source code project to target: The adversary will make the selection based on various criteria:

Experiment
  1. Develop a plan for malicious contribution: The adversary develops a plan to contribute malicious code, taking the following into consideration:

Exploit
  1. Execute the plan for malicious contribution: Write the code to be contributed based on the plan and then submit the contribution. Multiple commits, possibly using multiple identities, will help obscure the attack. Monitor the contribution site to try to determine if the code has been uploaded to the target system.

Prerequisites

  1. Access to the open source code base being used by the manufacturer in a system being developed or currently deployed at a victim location.


Skills Required

High: Advanced knowledge about the inclusion and specific usage of an open source code project within the system being targeted for infiltration.


Example Instances

  1. An adversary with access to an open source code project introduces a hard-to-find bug that, under very specific conditions, disables encryption on data streams. The adversary commits the change to the code base, which is picked up by a manufacturer that develops VPN software. The product is eventually deployed at the victim's location, where the specific conditions are met, giving the adversary the ability to sniff traffic that the victim believes is encrypted. This can give the adversary access to the victim's sensitive data.
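The example instance above, as an added illustration that is not part of the CAPEC entry: a toy data-stream framing routine in which an implanted "legacy control frame" path sends the payload in the clear only when a hypothetical peer capability bit (0x80) is set and the payload begins with two zero bytes, next to a fail-closed version with no clear-text path, and a property check a reviewer can run across the condition space to surface the bypass. The HMAC-counter keystream cipher, the flag bit, the frame-type bytes and the sample payload are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Toy keystream cipher (HMAC-SHA256 in counter mode), used only so the
# example runs offline; it stands in for the VPN's real data-stream cipher.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


FRAME_DATA = b"\x01"
FRAME_CONTROL = b"\x00"   # hypothetical frame-type byte introduced by the implanted change
LEGACY_CONTROL_FLAG = 0x80  # hypothetical peer capability bit (assumption for this example)


def build_frame_implanted(key: bytes, nonce: bytes, payload: bytes, peer_flags: int) -> bytes:
    """Library version carrying the implanted change (constructed example).

    The 'contribution' reads like support for a legacy control frame: when the
    peer advertises LEGACY_CONTROL_FLAG and the payload starts with two zero
    bytes, the frame goes out unencrypted. Neither condition occurs in normal
    traffic, so the unit tests and a casual review never exercise the path.
    """
    if (peer_flags & LEGACY_CONTROL_FLAG) and payload[:2] == b"\x00\x00":
        return FRAME_CONTROL + payload
    return FRAME_DATA + encrypt(key, nonce, payload)


def build_frame_fail_closed(key: bytes, nonce: bytes, payload: bytes, peer_flags: int) -> bytes:
    """Hardened form: there is no code path that emits payload bytes in the clear."""
    ciphertext = encrypt(key, nonce, payload)
    # Belt and braces: refuse to transmit if the transform turned out to be a no-op.
    if payload and ciphertext == payload:
        raise RuntimeError("refusing to transmit: cipher produced identity output")
    return FRAME_DATA + ciphertext


def frame_leaks_payload(build_frame, key: bytes, nonce: bytes, payload: bytes, peer_flags: int) -> bool:
    """Reviewer property: the plaintext must never appear verbatim in the wire bytes."""
    return payload in build_frame(key, nonce, payload, peer_flags)


def find_leaking_conditions(build_frame, key: bytes = None, nonce: bytes = None):
    """Sweep the whole flag byte and a few payload prefixes; return every
    (peer_flags, payload) pair under which the plaintext leaks."""
    key = key or os.urandom(32)
    nonce = nonce or os.urandom(12)
    # Constructed sample payloads: a request body behind several prefixes.
    prefixes = [b"", b"\x00", b"\x00\x00", b"\xff\xff", b"\x00\x01"]
    body = b"GET /secret HTTP/1.1\r\n"
    leaks = []
    for peer_flags in range(256):
        for prefix in prefixes:
            payload = prefix + body
            if frame_leaks_payload(build_frame, key, nonce, payload, peer_flags):
                leaks.append((peer_flags, payload))
    return leaks


if __name__ == "__main__":
    k, n = os.urandom(32), os.urandom(12)
    print("implanted version leaks under", len(find_leaking_conditions(build_frame_implanted, k, n)), "conditions")
    print("fail-closed version leaks under", len(find_leaking_conditions(build_frame_fail_closed, k, n)), "conditions")
```

The sweep is deliberately dumb: it does not know what the bypass condition is, it only asserts the property the example instance violates (no plaintext on the wire) across every value of the inputs the contributor's change touched. That is the kind of check worth adding when a dependency update introduces a new branch in a code path that handles keys, nonces or framing.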