Develop/Obtain Capabilities: Malicious supply chain capabilities

Other sub-techniques of Develop/Obtain Capabilities (9)

ID	Name
T2007.002	Code Signing Certificates
T2007.003	Digital Certificates
T2007.004	DSSS or Frequency hopping sequence
T2007.005	Malicious supply chain capabilities
T2007.006	Software vulnerabilities
T2007.008	Space Protocol Vulnerabilities
T2007.009	Tools for attacking space systems
T2007.010	TC/TM request forging
T2007.011	Cryptographic Keys

Obtain or create malicious capabilities inside hardware or software intended to be used in a specific project. Injecting the malicious HW/SW in the right place is difficult, is also difficult being sure that the part will be integrated in a system. ^[1]

ID: T2007.005

Sub-technique of: T2007

ⓘ

Tactic: Resource Development

ⓘ

Platforms: None

Version: 2.0

Created: 25 August 2022

Last Modified: 21 April 2023

Mitigations

ID	Mitigation	Description
M1045	Code signing
M2024	Supply chain confidence

References

CCSDS. (2022, February). REPORT CONCERNING SECURITY THREATS AGAINST SPACE MISSIONS, CCSDS 350.1-G-3. Retrieved September 29, 2022.