T1474.003: Compromise Software Supply Chain

216.73.216.226

T1474.003: Compromise Software Supply Chain

View on MITRE ATT&CK The MITRE Corporation · Published 28/03/2022 21:25 · Modified 27/03/2026 01:41

Essential information

MITRE technique ID: T1474.003
Confidence: 100/100
Revoked: No
Published: 28/03/2022 21:25
Modified: 27/03/2026 01:41
Author / Source: The MITRE Corporation

Platforms

android iOS

Description

Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.

Kill chain phases

Kill chain	Phase
mitre-mobile-attack	initial-access

Marking (TLP)

External references

NIST Mobile Threat Catalogue (SPC-11)
NIST Mobile Threat Catalogue (SPC-20)
NIST Mobile Threat Catalogue (SPC-4)
NIST Mobile Threat Catalogue (SPC-18)
NIST Mobile Threat Catalogue (SPC-12)
mitre-attack (T1474.003)