CAPEC-530 - Counterfeit Component Supplied

An attacker provides a counterfeit component during the procurement process of a lower-tier component supplier to a sub-system developer or integrator, which is then built into the system being upgraded or repaired by the victim, allowing the attacker to cause disruption or additional compromise.

Severity

Likelihood

Confidentiality

Integrity

Availability

High level: Able to develop and manufacture malicious system components that resemble legitimate name-brand components.

Advanced knowledge about the target system and sub-components.