Common Information
Type | Value |
---|---|
Value | Supply Chain Compromise - T1195 |
Category | Attack-Pattern |
Type | Mitre-Enterprise-Attack-Attack-Pattern |
Misp Type | Cluster |
Description | Supply chain compromise is the manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise can take place at any stage of the supply chain, including: manipulation of development tools; manipulation of a development environment; manipulation of source code repositories (public or private); manipulation of software update/distribution mechanisms; compromised/infected system images (multiple cases of removable media infected at the factory); replacement of legitimate software with modified versions; sales of modified/counterfeit products to legitimate distributors; shipment interdiction. While supply chain compromise can impact any component of hardware or software, attackers looking to gain execution have often focused on malicious additions to legitimate software in software distribution or update channels. (Citation: Avast CCleaner3 2018) (Citation: Microsoft Dofoil 2018) (Citation: Command Five SK 2011) Targeting may be specific to a desired victim set (Citation: Symantec Elderwood Sept 2012) or malicious software may be distributed to a broad set of consumers but only move on to additional tactics on specific victims. (Citation: Avast CCleaner3 2018) (Citation: Command Five SK 2011) Detection: Use verification of distributed binaries through hash checking or other integrity checking mechanisms. Scan downloads for malicious signatures and attempt to test software and updates prior to deployment while taking note of potential suspicious activity. Perform physical inspection of hardware to look for potential tampering. Platforms: Linux, Windows, macOS. Data Sources: Web proxy, File monitoring. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2023-08-08 | 0 | History and Evolution of Software Supply Chain Attacks | ||
Details | Website | 2023-08-03 | 20 | Ransomware Roundup - DoDo and Proton | FortiGuard Labs | ||
Details | Website | 2023-07-26 | 0 | Supply Chain, Open Source Pose Major Challenge to AI Systems | ||
Details | Website | 2023-07-25 | 4 | North Korean Nation-State Actors Exposed in JumpCloud Hack After OPSEC Blunder | ||
Details | Website | 2023-07-24 | 61 | North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack | Mandiant | ||
Details | Website | 2023-07-21 | 32 | Ransomware Roundup - Cl0p | FortiGuard Labs | ||
Details | Website | 2023-07-20 | 0 | Exploring the macro shifts in enterprise security - Help Net Security | ||
Details | Website | 2023-07-18 | 20 | Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant | ||
Details | Website | 2023-07-17 | 0 | Federal CI/CD security guidance: Been there, done that | ||
Details | Website | 2023-07-14 | 0 | How Hackers Can Hijack a Satellite | ||
Details | Website | 2023-07-13 | 3 | Cyber Security Awareness — Recognizing and Understanding Email Attacks | ||
Details | Website | 2023-07-11 | 1 | Mastodon Patches 4 Bugs, but Is the Twitter Killer Safe to Use? | ||
Details | Website | 2023-07-10 | 98 | Meet LockBit: The Most Prevalent Ransomware in 2022 | FortiGuard Labs | ||
Details | Website | 2023-07-06 | 6 | Ransomware Roundup - Rancoz | FortiGuard Labs | ||
Details | Website | 2023-07-06 | 27 | Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks | ||
Details | Website | 2023-07-05 | 0 | Attacks Against OT & Industrial Organizations Are on the Rise | ||
Details | Website | 2023-06-29 | 0 | NSA and CISA Release Guidelines to Secure CI/CD Environments | ||
Details | Website | 2023-06-27 | 2 | A Double Supply Chain Attack and The Importance of TPRM - Security Boulevard | ||
Details | Website | 2023-06-27 | 5 | Credential Theft Attacks Surge: Microsoft Raises Red Flag on Midnight Blizzard (APT29) | ||
Details | Website | 2023-06-26 | 6 | Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers | ||
Details | Website | 2023-06-26 | 6 | Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers - RedPacket Security | ||
Details | Website | 2023-06-22 | 1 | Millions of GitHub repos likely vulnerable to RepoJacking, researchers say - RedPacket Security | ||
Details | Website | 2023-06-22 | 126 | Ransomware Roundup - Black Basta | FortiGuard Labs | ||
Details | Website | 2023-06-22 | 4 | Insights from CLOP’s MOVEit Extortion Attack | ||
Details | Website | 2023-06-16 | 14 | Ransomware Roundup — Big Head | FortiGuard Labs |