T1195.002

Compromise Software Supply Chain

SUB-TECHNIQUE Initial Access

Description

Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.(Citation: Avast CCleaner3 2018)(Citation: Command Five SK 2011)

Platforms

LinuxWindowsmacOS

Mitigations

M1051 — Update Software
M1016 — Vulnerability Scanning

Look up any technique

Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.

Our coverage

TrustFall: AI Coding Agents Exploitable with One Enter Keypress
North Korea Cryptocurrency Theft Tactics 2026: How DPRK Seized 76% of All Stolen Crypto

Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →