Dark Mode
Capec-670 Detail
Software Development Tools Maliciously Altered
Detailed Supply Chain Software Likelihood: Low Typical Severity: High
Parents: 444
An adversary with the ability to alter tools used in a development environment causes software to be developed with maliciously modified tools. Such tools include requirements management and database tools, software design tools, configuration management tools, compilers, system build tools, and software performance testing and load testing tools. The adversary then carries out malicious acts once the software is deployed including malware infection of other systems to support further compromises.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-670 | capec | https://capec.mitre.org/data/definitions/670.html | |
| T1127 | ATTACK | https://attack.mitre.org/wiki/Technique/T1127 | Trusted Developer Utilities Proxy Execution |
| T1195.001 | ATTACK | https://attack.mitre.org/wiki/Technique/T1195/001 | Supply Chain Compromise: Compromise Software Dependencies and Development Tools |
| REF-660 | reference_from_CAPEC | https://docplayer.net/13041016-Supply-chain-attack-patterns-framework-and-catalog.html | Melinda Reed, John F. Miller, Paul Popick, Supply Chain Attack Patterns: Framework and Catalog, 2014--08, Office of the Assistant Secretary of Defense for Research and Engineering |
| REF-439 | reference_from_CAPEC | http://www.mitre.org/sites/default/files/publications/supply-chain-attack-framework-14-0228.pdf | John F. Miller, Supply Chain Attack Framework and Attack Patterns, 2013, The MITRE Corporation |
| REF-667 | reference_from_CAPEC | https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html | Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor, 2020--12---13, Schneier on Security |
Not present
- An adversary would need to have access to a targeted developer’s development environment and in particular to tools used to design, create, test and manage software, where the adversary could ensure malicious code is included in software packages built through alteration or substitution of tools in the environment used in the development of software.
Not present
| High |
|---|
| Ability to leverage common delivery mechanisms (e.g., email attachments, removable media) to infiltrate a development environment to gain access to software development tools for the purpose of malware insertion into an existing tool or replacement of an existing tool with a maliciously altered copy. |
| Integrity | Access Control | Confidentiality |
|---|---|---|
| Execute Unauthorized Commands | Gain Privileges | Modify Data |
| Read Data |
- An adversary with access to software build tools inside an Integrated Development Environment IDE alters a script used for downloading dependencies from a dependent code repository where the script has been changed to include malicious code implanted in the repository by the adversary.