T1542.002: Component Firmware

Data from MITRE ATT&CK®:

Adversaries may modify component firmware to persist on systems. Some adversaries may employ sophisticated means to compromise computer components and install malicious firmware that will execute adversary code outside of the operating system and main system firmware or BIOS. This technique may be similar to System Firmware but conducted upon other system components/devices that may not have the same capability or level of integrity checking.

Malicious component firmware could provide both a persistent level of access to systems despite potential typical failures to maintain access and hard disk re-images, as well as a way to evade host software-based defenses and integrity checks.

© 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Update Software

Perform regular software updates to mitigate exploitation risk.

OS API Execution (Process)

Operating system function/method calls executed by a process

Firmware Modification (Firmware)

Changes made to firmware, including its settings and/or data, such as MBR (Master Boot Record) and VBR (Volume Boot Record)

Driver Metadata (Driver)

Contextual data about a driver and activity around it such as driver issues reporting or integrity (page hash, code) checking