T1474.003 Compromise Software Supply Chain
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.
Item | Value |
---|---|
ID | T1474.003 |
Sub-techniques | T1474.001, T1474.002, T1474.003 |
Tactics | TA0027 |
Platforms | Android, iOS |
Version | 1.1 |
Created | 28 March 2022 |
Last Modified | 20 March 2023 |
Procedure Examples
ID | Name | Description |
---|---|---|
S0309 | Adups | Adups was pre-installed on Android devices from some vendors.[7][6] |
S0319 | Allwinner | A Linux kernel distributed by Allwinner reportedly contained a simple backdoor that could be used to obtain root access. It was believed to have been left in the kernel by mistake by the authors.[1] |
S0555 | CHEMISTGAMES | CHEMISTGAMES has been distributed as updates to legitimate applications. This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.[5] |
S0328 | Stealth Mango | In at least one case, Stealth Mango may have been installed using physical access to the device by a repair shop.[2] |
S0424 | Triada | Triada was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.[4][3] |
Mitigations
ID | Mitigation | Description |
---|---|---|
M1001 | Security Updates | Security updates may contain patches that inhibit system software compromises. |
M1004 | System Partition Integrity | Ensure Verified Boot is enabled on devices with that capability. |
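One way a defender can verify that the M1004 mitigation is actually in effect on a fleet device is to inspect the Android Verified Boot properties that `getprop` exposes. The following is an added example, not part of the ATT&CK page or of any Google tooling: the property names (`ro.boot.verifiedbootstate`, `ro.boot.flash.locked`, `ro.boot.veritymode`) are real Android system properties, while the sample `getprop` output, the `parse_getprop`/`check_verified_boot` functions and the `BootCheck` class are constructed here for illustration.

```python
"""Evaluate Android Verified Boot state from `adb shell getprop` output.

Added example for the M1004 (System Partition Integrity) mitigation.
The property names are real Android system properties; the sample output
below is constructed and does not come from any specific device.
"""
import sys
from dataclasses import dataclass, field

# Constructed sample: what `adb shell getprop` prints on a healthy device
# (locked bootloader, OEM-signed boot image, dm-verity enforcing).
SAMPLE_GETPROP_OK = """\
[ro.boot.flash.locked]: [1]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.veritymode]: [enforcing]
[ro.build.version.release]: [13]
"""

# Constructed sample: unlocked bootloader and dm-verity disabled, the
# state in which a modified system image would go unnoticed by the device.
SAMPLE_GETPROP_BAD = """\
[ro.boot.flash.locked]: [0]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.veritymode]: [disabled]
"""


def parse_getprop(output: str) -> dict[str, str]:
    """Parse `[key]: [value]` lines (the getprop format) into a dict."""
    props: dict[str, str] = {}
    for line in output.splitlines():
        line = line.strip()
        if not (line.startswith("[") and "]: [" in line and line.endswith("]")):
            continue  # skip blank or malformed lines
        key, _, value = line[1:-1].partition("]: [")
        props[key] = value
    return props


@dataclass
class BootCheck:
    ok: bool
    findings: list[str] = field(default_factory=list)


def check_verified_boot(props: dict[str, str]) -> BootCheck:
    """Return ok=True only if the device reports a fully verified boot.

    verifiedbootstate: green  = locked, OEM root of trust
                       yellow = locked, user-supplied root of trust
                       orange = bootloader unlocked, no verification
                       red    = verification failed
    """
    findings: list[str] = []
    state = props.get("ro.boot.verifiedbootstate")
    if state != "green":
        findings.append(f"verifiedbootstate is {state!r}, expected 'green'")
    if props.get("ro.boot.flash.locked") != "1":
        findings.append("bootloader is unlocked (ro.boot.flash.locked != 1)")
    mode = props.get("ro.boot.veritymode")  # absent on some builds
    if mode is not None and mode != "enforcing":
        findings.append(f"dm-verity mode is {mode!r}, expected 'enforcing'")
    return BootCheck(ok=not findings, findings=findings)


if __name__ == "__main__":
    # Usage: adb shell getprop | python check_verified_boot.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_GETPROP_BAD
    result = check_verified_boot(parse_getprop(text))
    print("OK" if result.ok else "FAIL")
    for finding in result.findings:
        print(" -", finding)
```

The script treats a `yellow` state as a finding as well, because a user-supplied root of trust means the OEM's signing key no longer vouches for the system partition; a fleet policy may legitimately accept that, in which case the comparison can be relaxed to `state not in ("green", "yellow")`.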
Detection
ID | Data Source | Data Component |
---|---|---|
DS0041 | Application Vetting | API Calls |
DS0013 | Sensor Health | Host Status |
References
1. Mohit Kumar. (2016, May 11). Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker. Retrieved September 18, 2018.
2. Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.
3. Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019.
4. Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019.
5. B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.
6. Jeremy Kirk. (2016, November 16). Why Did Chinese Spyware Linger in U.S. Phones?. Retrieved February 6, 2017.
7. Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.