T1474.001: Compromise Software Dependencies and Development Tools
Essential information
- MITRE technique ID
T1474.001- Confidence
- 100/100
- Revoked
- No
- Published
- 28/03/2022 21:31
- Modified
- 27/03/2026 01:41
- Author / Source
- The MITRE Corporation
Platforms
android iOS
Description
Adversaries may manipulate products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system compromise. Applications often depend on external software to function properly. Popular open source projects that are used as dependencies in many applications may be targeted as a means to add malicious code to users of the dependency.(Citation: Grace-Advertisement)
Kill chain phases
| Kill chain | Phase |
|---|---|
| mitre-mobile-attack | initial-access |
Marking (TLP)
Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.