- Tactics
- Initial Access
- Platforms
- Linux, Windows, macOS
- Reference
- attack.mitre.org/techniques/T1195.002
Description
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.
Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims. (Citations: Avast CCleaner3 2018; Command Five SK 2011)
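The two distribution-side variants named above (a tampered update/distribution mechanism and a replaced compiled release) are the ones a consumer can check for before installation: every artifact's digest is compared against a manifest obtained through a separate trusted channel, and the manifest itself is authenticated so that a compromised distribution point cannot simply ship a matching manifest alongside the modified build. The following is an added example, not code from MITRE ATT&CK or from GTK Cyber; the artifact names, the sample bytes and the signing key are constructed, and the HMAC over the manifest is a stand-in for the vendor's release signature.

```python
"""Release-integrity check against a pinned, authenticated manifest.

Added example (not MITRE's or GTK Cyber's code). Defensive pattern for a
consumer of third-party software: before installing, verify each downloaded
artifact against digests published out-of-band, and verify the manifest itself.
The HMAC key below stands in for a vendor signing key (assumption/simplification).
"""
import hashlib
import hmac
import json

# Constructed sample data: a vendor release and a copy served by a tampered
# distribution point. Names and contents are hypothetical.
SIGNING_KEY = b"constructed-vendor-release-key"
GOOD_RELEASE = {
    "installer.bin": b"\x7fELF\x02\x01\x01\x00 genuine installer v1.2.3",
    "updater.cfg": b"channel=stable\nurl=https://updates.example.invalid/\n",
}
TAMPERED_RELEASE = {
    "installer.bin": b"\x7fELF\x02\x01\x01\x00 genuine installer v1.2.3 + implant",
    "updater.cfg": GOOD_RELEASE["updater.cfg"],
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(digests: dict) -> bytes:
    # Deterministic encoding so vendor and consumer MAC the same bytes.
    return json.dumps(digests, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(artifacts: dict, key: bytes) -> dict:
    """Vendor side: record expected digests and authenticate the manifest."""
    digests = {name: sha256_hex(blob) for name, blob in artifacts.items()}
    mac = hmac.new(key, _canonical(digests), hashlib.sha256).hexdigest()
    return {"digests": digests, "mac": mac}


def manifest_is_authentic(manifest: dict, key: bytes) -> bool:
    """Reject a manifest that was altered or forged after signing."""
    expected = hmac.new(key, _canonical(manifest["digests"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest.get("mac", ""))


def check_release(manifest: dict, downloaded: dict, key: bytes) -> dict:
    """Consumer side: returns {"ok": bool, "findings": [str, ...]}.

    Findings cover the three ways a distribution channel can diverge from the
    vendor's intent: a modified artifact, an artifact the vendor never listed
    (e.g. an extra component injected into the package), and a listed
    artifact that was dropped.
    """
    if not manifest_is_authentic(manifest, key):
        return {"ok": False, "findings": ["manifest: authentication failed"]}
    expected = manifest["digests"]
    findings = []
    for name in sorted(set(expected) | set(downloaded)):
        if name not in expected:
            findings.append(f"{name}: not in manifest (unexpected artifact)")
        elif name not in downloaded:
            findings.append(f"{name}: listed in manifest but missing")
        elif not hmac.compare_digest(sha256_hex(downloaded[name]), expected[name]):
            findings.append(f"{name}: digest mismatch (modified artifact)")
    return {"ok": not findings, "findings": findings}


if __name__ == "__main__":
    manifest = build_manifest(GOOD_RELEASE, SIGNING_KEY)
    for label, release in (("genuine", GOOD_RELEASE), ("tampered", TAMPERED_RELEASE)):
        report = check_release(manifest, release, SIGNING_KEY)
        print(label, "OK" if report["ok"] else "BLOCKED", report["findings"])
```

The manifest must reach the consumer by a path independent of the download itself (a signed release page, a package index with a separately distributed key); a manifest fetched from the same mirror as the artifacts gives no protection against an attacker who controls that mirror.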
How GTK Cyber trains on this
GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Initial Access tactic this technique falls under. It is practitioner-led and focused on real detections rather than memorizing technique IDs.
Related techniques
- T1078 — Valid Accounts
- T1091 — Replication Through Removable Media
- T1133 — External Remote Services
- T1189 — Drive-by Compromise
- T1190 — Exploit Public-Facing Application
- T1195 — Supply Chain Compromise
- T1199 — Trusted Relationship
- T1200 — Hardware Additions
- T1566 — Phishing
- T1659 — Content Injection
- T1669 — Wi-Fi Networks