T1195.003: Compromise Hardware Supply Chain

View on MITRE ATT&CK	T1195.003
Tactic(s)	Initial Access
Associated CAPEC Patterns	Design for FPGA Maliciously Altered (CAPEC-674) , Server Motherboard Compromise (CAPEC-677) , Malicious Logic Inserted Into Product by Authorized Developer (CAPEC-443) , Counterfeit Hardware Component Inserted During Product Assembly (CAPEC-520) , Malicious Hardware Component Replacement (CAPEC-522) , Requirements for ASIC Functionality Maliciously Altered (CAPEC-671) , Hardware Component Substitution During Baselining (CAPEC-516) , ASIC With Malicious Functionality (CAPEC-539) , Hardware Component Substitution (CAPEC-531) , Malicious Code Implanted During Chip Programming (CAPEC-672) , Infiltration of Hardware Development Environment (CAPEC-537) , Hardware Integrity Attack (CAPEC-440)

Data from MITRE ATT&CK®:

Adversaries may manipulate hardware components in products prior to receipt by a final consumer for the purpose of data or system compromise. By modifying hardware or firmware in the supply chain, adversaries can insert a backdoor into consumer networks that may be difficult to detect and give the adversary a high degree of control over the system. Hardware backdoors may be inserted into various devices, such as servers, workstations, network infrastructure, or peripherals.

Cyber Threat Graph Context

Explore how this ATT&CK Technique relates to the wider threat graph

Mitigations for this technique

MITRE ATT&CK Mitigations

Boot Integrity

Use secure methods to boot a system and verify the integrity of the operating system and loading mechanisms.

How to detect this technique

MITRE ATT&CK Data Components

Host Status (Sensor Health)

Logging, messaging, and other artifacts highlighting the health of host sensors (ex: metrics, errors, and/or exceptions from logging applications)

SP800-53 Controls

See which controls can help protect against this MITRE ATT&CK technique. This is based on mappings to associated SP800-53 controls produced by the MITRE Engenuity Center for Threat-Informed Defense.

Node
SI-7: Software, Firmware, and Information Integrity
SC-34: Non-modifiable Executable Programs
CM-8: System Component Inventory
SI-2: Flaw Remediation
SA-11: Developer Testing and Evaluation
RA-9: Criticality Analysis
CM-3: Configuration Change Control
CM-5: Access Restrictions for Change
IA-7: Cryptographic Module Authentication
CA-8: Penetration Testing
SA-10: Developer Configuration Management