T1195.002 - Compromise Software Supply Chain
Sub-technique
Tactics:
Initial Access
Initial Access
Platforms:
Linux Windows macOS
Linux Windows macOS
Detection:
Not specified
Not specified
Description:
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.
Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.(Citation: Avast CCleaner3 2018)(Citation: Command Five SK 2011)
Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.(Citation: Avast CCleaner3 2018)(Citation: Command Five SK 2011)
Used by Actors (9)
Malware (3)
Metadata
| MITRE ID: | T1195.002 |
| STIX ID: | attack-pattern--bd369cd9-abb8-... |
| Platforms: | Linux, Windows, macOS |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |