Supply Chain Compromise: Compromise Hardware Supply Chain

Adversaries may manipulate hardware components in products prior to receipt by a final consumer for the purpose of data or system compromise. By modifying hardware or firmware in the supply chain, adversaries can insert a backdoor into consumer networks that may be difficult to detect and give the adversary a high degree of control over the system. Hardware backdoors may be inserted into various devices, such as servers, workstations, network infrastructure, or peripherals.[1]

Mitigations

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features.

Detection

Perform physical inspection of hardware to look for potential tampering. Perform integrity checking on pre-OS boot mechanisms that can be manipulated for malicious purposes.
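One way to perform the integrity check on pre-OS boot mechanisms is to replay a measured-boot event log and compare the resulting PCR values with a baseline recorded from a known-good unit. The following is an added example, not part of the original page; the simplified event tuples, function names and sample blobs are assumptions constructed for illustration, and it does not parse the binary TCG event log format.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank; PCRs start as all zero bytes


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA-256(old PCR || event digest)."""
    return hashlib.sha256(pcr + digest).digest()


def replay(events):
    """Replay (pcr_index, label, measured_bytes) events into final PCR values."""
    pcrs = {}
    for index, _label, blob in events:
        current = pcrs.get(index, bytes(PCR_SIZE))
        pcrs[index] = extend(current, hashlib.sha256(blob).digest())
    return pcrs


def drifted_pcrs(baseline, observed):
    """Return sorted PCR indexes that differ from, or are absent in, the baseline."""
    indexes = set(baseline) | set(observed)
    return sorted(i for i in indexes if baseline.get(i) != observed.get(i))


# Constructed sample: event log recorded from a known-good reference unit.
GOLDEN_LOG = [
    (0, "platform firmware volume", b"vendor-firmware-build-1.0"),
    (2, "option ROM", b"nic-option-rom-build-7"),
    (4, "boot loader", b"bootloader-build-2.06"),
]

# Constructed sample: same model on receipt, with a different option ROM image.
RECEIVED_LOG = [
    (0, "platform firmware volume", b"vendor-firmware-build-1.0"),
    (2, "option ROM", b"nic-option-rom-build-7-modified"),
    (4, "boot loader", b"bootloader-build-2.06"),
]

if __name__ == "__main__":
    baseline = replay(GOLDEN_LOG)
    for index in drifted_pcrs(baseline, replay(RECEIVED_LOG)):
        print(f"PCR {index} does not match the baseline; inspect that boot stage")
```

A mismatch identifies which boot stage changed, which narrows where physical inspection or firmware forensics should start.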

References

ID: VT0004.003
Sub-techniques:
Tactic: Initial Access
Platforms: Linux, Windows, macOS
Data Sources: BIOS, Component firmware, Disk forensics, EFI
Version: 1.0

Created: 01 December 2020

Last Modified: 20 December 2020