MITRE ATT&CK / T1601
T1601
Modify System Image
Description
Adversaries may make changes to the operating system of embedded network devices to weaken defenses and provide new capabilities for themselves. On such devices, the operating systems are typically monolithic and most of the device functionality and capabilities are contained within a single file.To change the operating system, the adversary typically only needs to affect this one file, replacing or modifying it. This can either be done live in memory during system runtime for immediate effect, or in storage to implement the change on the next boot of the network device.
Platforms
Mitigations
- M1032 — Multi-factor Authentication
- M1027 — Password Policies
- M1043 — Credential Access Protection
- M1045 — Code Signing
- M1046 — Boot Integrity
- M1026 — Privileged Account Management
Use our free MITRE ATT&CK lookup tool, or browse the full ATT&CK matrix.
Our coverage
Source: MITRE ATT&CK Enterprise matrix. View on attack.mitre.org →