Common Information
Type | Value |
---|---|
Value | Supply Chain Compromise - T1195 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Supply chain compromise is the manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise can take place at any stage of the supply chain, including: manipulation of development tools; manipulation of a development environment; manipulation of source code repositories (public or private); manipulation of software update/distribution mechanisms; compromised/infected system images (multiple cases of removable media infected at the factory); replacement of legitimate software with modified versions; sales of modified/counterfeit products to legitimate distributors; shipment interdiction. While supply chain compromise can impact any component of hardware or software, attackers looking to gain execution have often focused on malicious additions to legitimate software in software distribution or update channels. (Citation: Avast CCleaner3 2018) (Citation: Microsoft Dofoil 2018) (Citation: Command Five SK 2011) Targeting may be specific to a desired victim set (Citation: Symantec Elderwood Sept 2012) or malicious software may be distributed to a broad set of consumers but only move on to additional tactics on specific victims. (Citation: Avast CCleaner3 2018) (Citation: Command Five SK 2011) Detection: Use verification of distributed binaries through hash checking or other integrity checking mechanisms. Scan downloads for malicious signatures and attempt to test software and updates prior to deployment while taking note of potential suspicious activity. Perform physical inspection of hardware to look for potential tampering. Platforms: Linux, Windows, macOS. Data Sources: Web proxy, File monitoring |
Published | Attributes | Title |
---|---|---|
2024-01-29 | 3 | Feeding from the trust economy: social engineering fraud |
2024-01-26 | 56 | Ransomware Roundup - Albabat \| FortiGuard Labs |
2024-01-01 | 0 | Blog, News & Press Releases - Field Effect \| Elena Lapina |
2023-12-13 | 7 | Russian Foreign Intelligence Service (SVR) Cyber Actors Use JetBrains TeamCity CVE in Global Targeting |
2023-12-12 | 9 | Top 10 Cyber Threats of 2023 |
2023-12-06 | 198 | Russia/Ukraine Update - December 2023 |
2023-11-15 | 0 | Hidden Vulnerabilities \| Effective Third-Party Risk Management in the Age of Supply Chain Attacks |
2023-11-14 | 19 | Ransomware Roundup – NoEscape \| FortiGuard Labs |
2023-10-25 | 7 | On Threat Actors' Radar: PoC Exploits for VMware Aria Operations Vulnerability (CVE-2023-34051), and More |
2023-10-24 | 23 | Security Breach in Okta Support System Continues Sparking Concerns: Cloudflare and 1Password Share Disclosures |
2023-10-20 | 3 | The Largest Cyberattacks of 2023 |
2023-10-18 | 20 | Multiple North Korean threat actors exploiting the TeamCity CVE-2023-42793 vulnerability \| Microsoft Security Blog |
2023-10-12 | 47 | Ransomware Roundup - Akira \| FortiGuard Labs |
2023-10-12 | 57 | Bluepurple Pulse: week ending October 15th |
2023-10-06 | 0 | Android Devices With Backdoored Firmware Found in US Schools |
2023-10-05 | 24 | Exposing Infection Techniques Across Supply Chains and Codebases |
2023-10-03 | 0 | Charting New Terrain: The Shift to Resilience and Proximity in Cyber Risk |
2023-10-01 | 0 | Looking Ahead: Highlights from ENISA's Foresight 2030 Report |
2023-09-28 | 1 | Machine Learning in Cybersecurity: Clustering for Threat Detection |
2023-09-21 | 14 | Ransomware Roundup - Retch and S.H.O. \| FortiGuard Labs |
2023-08-31 | 14 | Ransomware Roundup - Rhysida \| FortiGuard Labs |
2023-08-30 | 0 | Revisiting Traditional Security Advice for Modern Threats \| Mandiant |
2023-08-25 | 195 | Russia/Ukraine Update - August 2023 |
2023-08-23 | 0 | Cyber Supply Chain Risk Management: Challenges and Best Practices |