Description
Adversaries may manipulate hardware components in products prior to receipt by a final consumer for the purpose of data or system compromise. By modifying hardware or firmware in the supply chain, adversaries can insert a backdoor into consumer networks that may be difficult to detect and give the adversary a high degree of control over the system. Hardware backdoors may be inserted into various devices, such as servers, workstations, network infrastructure, or peripherals.
Platforms
Mitigations (1)
Boot Integrity (M1046)
Use Trusted Platform Module technology and a secure or trusted boot process to prevent system integrity from being compromised. Check the integrity of the existing BIOS or EFI to determine if it is vulnerable to modification. (Citation: TCG Trusted Platform Module) (Citation: TechNet Secure Boot Process)
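The integrity check a trusted boot process enables can be sketched as follows. This is an added example, not code from MITRE or the cited sources: it replays a measured-boot event log with the TPM extend rule, confirms the log reproduces the PCR values reported by the TPM, and compares each measurement with a baseline. It assumes the PCR values come from a TPM quote whose signature was already verified and that the baseline was recorded from a known-good unit; the component names, blobs and PCR indices are constructed.

```python
import hashlib

ZERO = bytes(32)  # SHA-256 PCRs start at all zeros after platform reset

def measure(blob):
    return hashlib.sha256(blob).digest()

def extend(pcr, digest):
    # TPM extend: new PCR = SHA-256(old PCR || measurement digest)
    return hashlib.sha256(pcr + digest).digest()

def replay(event_log):
    """Recompute every PCR from the (index, component, digest) events."""
    pcrs = {}
    for index, _name, digest in event_log:
        pcrs[index] = extend(pcrs.get(index, ZERO), digest)
    return pcrs

def check_boot(event_log, quoted_pcrs, golden):
    """Return findings; an empty list means the boot chain matches the baseline."""
    findings = []
    replayed = replay(event_log)
    for index in sorted(quoted_pcrs):
        # A log that cannot reproduce the quoted PCR has been edited or truncated.
        if replayed.get(index, ZERO) != quoted_pcrs[index]:
            findings.append(f"PCR {index}: event log does not reproduce quoted value")
    seen = set()
    for index, name, digest in event_log:
        seen.add((index, name))
        if (index, name) not in golden:
            findings.append(f"PCR {index}: unexpected component {name!r}")
        elif golden[(index, name)] != digest:
            findings.append(f"PCR {index}: {name!r} differs from baseline")
    for index, name in sorted(set(golden) - seen):
        findings.append(f"PCR {index}: {name!r} was never measured")
    return findings

# Constructed sample data: component names, blobs and PCR indices are illustrative.
GOLDEN_LOG = [(0, "platform firmware", measure(b"constructed-fw-1.0")),
              (2, "nic option rom", measure(b"constructed-oprom-1.0")),
              (4, "boot manager", measure(b"constructed-bootmgr-1.0"))]
GOLDEN = {(i, n): d for i, n, d in GOLDEN_LOG}
# Same unit after the option ROM was altered before delivery (constructed).
TAMPERED_LOG = [GOLDEN_LOG[0],
                (2, "nic option rom", measure(b"constructed-oprom-modified")),
                GOLDEN_LOG[2]]

if __name__ == "__main__":
    print(check_boot(GOLDEN_LOG, replay(GOLDEN_LOG), GOLDEN))      # clean unit
    print(check_boot(TAMPERED_LOG, replay(TAMPERED_LOG), GOLDEN))  # changed ROM
    print(check_boot(GOLDEN_LOG, replay(TAMPERED_LOG), GOLDEN))    # forged log
```

A check of this kind only covers components that the boot chain actually measures; anything that runs without being measured leaves no trace in the log or the PCRs.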
Frequently Asked Questions
What is T1195.003 (Compromise Hardware Supply Chain)?
T1195.003 is a MITRE ATT&CK technique named 'Compromise Hardware Supply Chain'. It belongs to the Initial Access tactic(s). Adversaries may manipulate hardware components in products prior to receipt by a final consumer for the purpose of data or system compromise. By modifying hardware or firmware in the supply chain, adv...
How can T1195.003 be detected?
Detection of T1195.003 (Compromise Hardware Supply Chain) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.
What mitigations exist for T1195.003?
There is 1 documented mitigation for T1195.003: Boot Integrity.
Which threat groups use T1195.003?
While specific threat group attribution may vary, this technique has been observed in various real-world attacks. Check the MITRE ATT&CK website for the latest threat intelligence.