CAPEC-673 Detail
Developer Signing Maliciously Altered Software
Abstraction: Detailed | Domains: Supply Chain, Software | Likelihood of Attack: Medium | Typical Severity: High
Parents: 444
Software produced by a reputable developer is clandestinely infected with malicious code and then digitally signed by the unsuspecting developer, the software having been altered through a compromised software development or build process before signing. The receiver or user of the software has no reason to believe that it is anything but legitimate and proceeds to deploy it to organizational systems. This attack differs from CAPEC-206 in that the developer inadvertently signs malicious code they believe to be legitimate and is unaware of any malicious modifications.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-673 | capec | https://capec.mitre.org/data/definitions/673.html | |
| T1195.002 | ATTACK | https://attack.mitre.org/wiki/Technique/T1195/002 | Supply Chain Compromise: Compromise Software Supply Chain |
| REF-658 | reference_from_CAPEC | https://www.cisa.gov/sites/default/files/publications/defending_against_software_supply_chain_attacks_508_1.pdf | Defending Against Software Supply Chain Attacks, 2021-04, Cybersecurity and Infrastructure Security Agency (CISA) |
| REF-659 | reference_from_CAPEC | https://www.mitre.org/publications/technical-papers/deliver-uncompromised-securing-critical-software-supply-chains | Dr. Charles Clancy, Joe Ferraro, Robert A. Martin, Adam G. Pennington, Christopher L. Sledjeski, Dr. Craig J. Wiener, Deliver Uncompromised: Securing Critical Software Supply Chains, 2021-01, The MITRE Corporation |
- An adversary would need access to a targeted developer's software development environment, including its software build processes, so that code maliciously tainted before the build is included in the software packages that the build produces.
| Skill Level | Description |
|---|---|
| High | The adversary must have the skills to infiltrate a developer's software development/build environment and to implant malicious code in developmental software code, a build server, or a software repository containing dependency code that would be referenced and included during the software build process. |
| Integrity | Authorization | Access Control | Confidentiality |
|---|---|---|---|
| Read Data | Gain Privileges | Gain Privileges | Read Data |
| Modify Data | Execute Unauthorized Commands | Execute Unauthorized Commands | Modify Data |
- An adversary who has infiltrated an organization's build environment maliciously alters code intended to be included in a product's software build via software dependency inclusion, part of the software build process. When the software product has been built, the developer electronically signs the finished product using their signing key. The recipient of the software product, an end user/customer, believes the software to reflect the developer's intent with respect to functionality, unaware of the adversary's malicious code harbored within it.