| ID | Name |
|---|---|
| T1195.001 | Compromise Software Dependencies and Development Tools |
| T1195.002 | Compromise Software Supply Chain |
| T1195.003 | Compromise Hardware Supply Chain |
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.
Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims. [1]
This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.