- Tactics
- Initial Access
- Platforms
- Linux, macOS, Windows
- Reference
- attack.mitre.org/techniques/T1195.003
Description
Adversaries may manipulate hardware components in products prior to receipt by a final consumer for the purpose of data or system compromise. By modifying hardware or firmware in the supply chain, adversaries can insert a backdoor into consumer networks that may be difficult to detect and give the adversary a high degree of control over the system. Hardware backdoors may be inserted into various devices, such as servers, workstations, network infrastructure, or peripherals.
How GTK Cyber trains on this
GTK Cyber's Threat Hunting with Data Science course teaches you to build machine-learning detections for techniques like this across the MITRE ATT&CK framework, including the Initial Access tactic this technique falls under. Practitioner-led, focused on real detections, not memorizing technique IDs.
Related techniques
- T1078 — Valid Accounts
- T1091 — Replication Through Removable Media
- T1133 — External Remote Services
- T1189 — Drive-by Compromise
- T1190 — Exploit Public-Facing Application
- T1195 — Supply Chain Compromise
- T1199 — Trusted Relationship
- T1200 — Hardware Additions
- T1566 — Phishing
- T1659 — Content Injection
- T1669 — Wi-Fi Networks