T1195.001: Compromise Software Dependencies and Development Tools

View on MITRE ATT&CK T1195.001
Tactic(s) Initial Access
Associated CAPEC Patterns Infiltration of Software Development Environment (CAPEC-511) , Malicious Logic Insertion into Product Software via Configuration Management Manipulation (CAPEC-445) , Software Development Tools Maliciously Altered (CAPEC-670) , Repo Jacking (CAPEC-695) , Spoof Open-Source Software Metadata (CAPEC-691) , Infected Software (CAPEC-442) , Open-Source Library Manipulation (CAPEC-538)

Data from MITRE ATT&CK®:

Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise. Applications often depend on external software to function properly. Popular open source projects that are used as dependencies in many applications may be targeted as a means to add malicious code to users of the dependency.(Citation: Trendmicro NPM Compromise)

Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.

© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Mitigations for this technique

MITRE ATT&CK Mitigations

How to detect this technique

MITRE ATT&CK Data Components

Sigma Detections for this Technique

SP800-53 Controls

See which controls can help protect against this MITRE ATT&CK technique. This is based on mappings to associated SP800-53 controls produced by the MITRE Engenuity Center for Threat-Informed Defense.

Node
CM-11: User-installed Software
SA-22: Unsupported System Components
RA-10: Threat Hunting
CA-7: Continuous Monitoring
CA-2: Control Assessments
RA-5: Vulnerability Monitoring and Scanning
SI-2: Flaw Remediation
CM-7: Least Functionality