- Tactics
- Initial Access
- Platforms
- Linux, Windows, macOS
- Reference
- attack.mitre.org/techniques/T1195.002
Description
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.
Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.(Citation: Avast CCleaner3 2018)(Citation: Command Five SK 2011)
How GTK Cyber trains on this
GTK Cyber's hands-on training programs cover detection engineering across the MITRE ATT&CK framework, including the Initial Access tactic this technique falls under. Our practitioner-led courses focus on building real detections, not just memorizing technique IDs.
Related techniques
- T1078 — Valid Accounts
- T1091 — Replication Through Removable Media
- T1133 — External Remote Services
- T1189 — Drive-by Compromise
- T1190 — Exploit Public-Facing Application
- T1195 — Supply Chain Compromise
- T1199 — Trusted Relationship
- T1200 — Hardware Additions
- T1566 — Phishing
- T1659 — Content Injection
- T1669 — Wi-Fi Networks