Supply Chain Compromise: Compromise Hardware Supply Chain

Other sub-techniques of Supply Chain Compromise (3)

ID	Name
T1474.001	Compromise Software Dependencies and Development Tools
T1474.002	Compromise Hardware Supply Chain
T1474.003	Compromise Software Supply Chain

Adversaries may manipulate hardware components in products prior to receipt by a final consumer for the purpose of data or system compromise. By modifying hardware or firmware in the supply chain, adversaries can insert a backdoor into consumer networks that may be difficult to detect and give the adversary a high degree of control over the system.

ID: T1474.002

Sub-technique of: T1474

Tactic Type: Post-Adversary Device Access

ⓘ

Tactic: Initial Access

ⓘ

Platforms: Android, iOS

ⓘ

MTC ID: SPC-1, SPC-2, SPC-4, SPC-5, SPC-6, SPC-7, SPC-8, SPC-13, SPC-16, SPC-17, SPC-21

Version: 1.1

Created: 28 March 2022

Last Modified: 20 March 2023

Mitigations

ID	Mitigation	Description
M1001	Security Updates	Security updates may contain patches to integrity checking mechanisms that can detect unauthorized hardware modifications.

Detection

ID	Data Source	Data Component	Detects
DS0013	Sensor Health	Host Status	Integrity checking mechanisms can potentially detect unauthorized hardware modifications.