CAPEC-523 - Malicious Software Implanted

An attacker implants malicious software into the system in the supply chain distribution channel, with purpose of causing malicious disruption or allowing for additional compromise when the system is deployed.

Severity

Likelihood

Confidentiality

Integrity

Availability

High level: Advanced knowledge of the design of the system and it's operating system components and subcomponents.

High level: Malicious software creation.

Physical access to the system after it has left the manufacturer but before it is deployed at the victim location.