{'xhtml:p': 'An adversary with access to an organization\u00e2\u0080\u0099s software update infrastructure inserts malware into the content of an outgoing update to fielded systems where a wide range of malicious effects are possible. With the same level of access, the adversary can alter a software update to perform specific malicious acts including granting the adversary control over the software\u00e2\u0080\u0099s normal functionality.'}
Description
Attack Execution Flow
3
1
Step 1
Explore[Identify software with frequent updates] The adversary must first identify a target software that has updates at least with some frequency, enough that there is am update infrastructure.
AI Translation
[Identificare software con aggiornamenti frequenti] L'avversario deve prima identificare un software target che riceva aggiornamenti con una certa frequenza, abbastanza da avere un'infrastruttura di aggiornamento.
2
Step 2
Experiment[Gain access to udpate infrastructure] The adversary must then gain access to the organization's software update infrastructure. This can either be done by gaining remote access from outside the organization, or by having a malicious actor inside the organization gain access. It is often easier if someone within the organization gains access.
AI Translation
[Ottenere access all'infrastruttura di aggiornamento] L'avversario deve quindi ottenere l'accesso all'infrastruttura di aggiornamento del software dell'organizzazione. Questo può essere fatto sia ottenendo l'accesso remoto dall'esterno dell'organizzazione, sia facendo sì che un attore malevolo interno all'organizzazione ottenga l'accesso. Spesso è più facile se qualcuno all'interno dell'organizzazione ottiene l'accesso.
3
Step 3
Exploit[Alter the software update] Through access to the software update infrastructure, an adversary will alter the software update by injecting malware into the content of an outgoing update.
AI Translation
[Alterare l'aggiornamento del software] Attraverso l'accesso all'infrastruttura di aggiornamento del software, un adversary altererà l'aggiornamento del software iniettando malware nel contenuto di un aggiornamento in uscita.
Mitigations
2
Have A Software Assurance Plan That Includes Maintaining Strict Configuration Management Control Of Source Code, Object Code And Software Development, Build And Distribution Tools; Manual Code Reviews And Static Code Analysis For Developmental Software; And Tracking Of All Storage And Movement Of Code.
Require Elevated Privileges For Distribution Of Software And Software Updates.
Consequences
Security Scopes Affected
Access Control
Authorization
Confidentiality
Integrity
Potential Impacts
Execute Unauthorized Commands
Gain Privileges
Modify Data
Read Data
Relationships
Parent CAPECs
Related ATT&CK Techniques
1
T1195.002
Compromise Software Supply Chain
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. …