CAPEC-439: Manipulation During Distribution
An attacker undermines the integrity of a product, software, or technology at some stage of the distribution channel. The core threat of modification or manipulation during distribution arises from the many stages of distribution: a product may traverse multiple suppliers and integrators before the final asset is delivered. Components and services provided from a manufacturer to a supplier may be tampered with during integration or packaging.
Overview
CAPEC-439 (Manipulation During Distribution) is a meta-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.
Examples
A malicious OEM provider, or OEM provider employee or contractor, may install software, or modify existing code, during distribution.
External contractors involved in the packaging or testing of products or components may install software, or modify existing code, during distribution.