- Tactics
- Initial Access
- Platforms
- Linux, macOS, Windows
- Reference
- attack.mitre.org/techniques/T1195.003
Description
Adversaries may manipulate hardware components in products prior to receipt by a final consumer for the purpose of data or system compromise. By modifying hardware or firmware in the supply chain, adversaries can insert a backdoor into consumer networks that may be difficult to detect and give the adversary a high degree of control over the system. Hardware backdoors may be inserted into various devices, such as servers, workstations, network infrastructure, or peripherals.
How GTK Cyber trains on this
GTK Cyber's hands-on training programs cover detection engineering across the MITRE ATT&CK framework, including the Initial Access tactic this technique falls under. Our practitioner-led courses focus on building real detections, not just memorizing technique IDs.
Related techniques
- T1078 — Valid Accounts
- T1091 — Replication Through Removable Media
- T1133 — External Remote Services
- T1189 — Drive-by Compromise
- T1190 — Exploit Public-Facing Application
- T1195 — Supply Chain Compromise
- T1199 — Trusted Relationship
- T1200 — Hardware Additions
- T1566 — Phishing
- T1659 — Content Injection
- T1669 — Wi-Fi Networks