#T1195.002 Compromise Software Supply Chain

Technique

  • Tactics: Initial Access
  • Description:

    Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise. Supply chain compromise of software can take place in a number of ways, including manipulation of the application source code, manipulation of the update/distribution mechanism for that software, or replacing compiled releases with a modified version.

    Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.(Citation: Avast CCleaner3 2018)(Citation: Command Five SK 2011)

  • First Seen: Lazarus supply‑chain attack in South Korea • 2020-11-16
MITRE ATT&CK

Tagged Reports

2026-06-17
Microsoft
#SapphireSleet #Mastra #NPM #SupplyChain #T1195.002 #T1059.007 #T1059.001 #T1105 #T1071.001 #T1547.001 #T1543.003 #T1055 #T1562.001 #T1027
2026-06-16
Snyk
#Mastra #NPM #SupplyChain #T1078 #T1195.002 #T1059.007 #T1053.005
2026-06-12
Safe Dep
#PolinRider #SupplyChain #GitHub #T1195 #T1195.002 #T1059.007 #T1027 #T1102 #T1105
2026-05-31
Socket
#FamousChollima #ContagiousInterview #SupplyChain #T1195.002 #T1204.002 #T1059.007 #T1027 #T1102.001 #T1105
2026-05-28
Safe Dep
#FamousChollima #NPM #T1195 #T1195.002 #T1102 #T1102.002 #T1567 #T1567.002 #T1056 #T1056.001 #T1113 #T1005 #T1552 #T1552.004 #T1059 #T1059.001 #T1059.003 #T1547 #T1547.001 #T1053 #T1053.005 #T1543 #T1543.001 #T1543.004 #HuggingFace #T1119
2026-05-27
Wiz
#macOS #T1566 #T1195.002 #T1059.004 #T1547 #T1552 #T1555 #T1056.001 #T1105 #T1059 #JINX-0164 #Suspicious #T1480.001
2026-04-15
Safe Dep
#NPM #HuggingFace #T1195.002 #T1056.001 #T1552.001 #T1555 #T1105 #T1547
2026-04-07
Panther
#ContagiousTrader #NPM #OtterCookie #T1005 #T1059.007 #T1083 #T1195.002 #T1041 #T1098.004 #T1059.004 #T1027 #T1036.005 #T1656 #T1071.001 #T1082
2026-04-01
Cybersec Sentinel
#Axios #NPM #UNC1069 #T1059.007 #T1070.004 #T1036 #T1059.004 #T1547.001 #T1071.001 #T1140 #T1195.002
2026-04-01
Hunt.io
#Axios #NPM #TA444 #Bluenoroff #T1055 #T1059.006 #T1070.004 #T1082 #T1553.002 #T1059.002 #T1059.001 #T1027 #T1036.005 #T1547.001 #T1071.001 #T1057 #T1195.002
2026-03-31
Trend Micro
#Axios #NPM #T1059.006 #T1070.004 #T1082 #T1036 #T1059.001 #T1059.005 #T1027 #T1620 #T1071.001 #T1195.002
2025-11-26
Socket
#ContagiousInterview #NPM #OtterCookie #T1204.005 #T1036 #T1555.001 #T1587 #T1583.006 #T1082 #T1119 #T1585 #T1547.001 #T1005 #T1059.007 #T1587.001 #T1539 #T1041 #T1113 #T1656 #T1608.001 #T1204.002 #T1571 #T1105 #T1195.002 #T1115 #T1083 #T1583.001 #T1497 #T1546.016 #T1555.003 #T1056.001 #T1657 #T1217
2025-10-10
Socket
#ContagiousInterview #NPM #T1119 #T1005 #T1059.007 #T1082 #T1083 #T1555.001 #T1041 #T1027.013 #T1546.016 #T1608.001 #T1204.002 #T1555.003 #T1105 #T1657 #T1217 #T1195.002
2025-07-28
Wiz
#Bybit #DMM #JumpCloud #NPM #TraderTraitor #T1027 #T1566.003 #T1552.004 #T1195.001 #T1082 #T1566.001 #T1553.002 #T1199 #T1609 #T1078 #T1059.007 #T1041 #T1555 #T1550.004 #T1588.003 #T1204.002 #T1105 #T1071.001 #T1195.002 #T1059.006 #T1087.004 #T1566.002 #T1580 #T1578.005 #T1059
2025-07-26
Bloo
#ContagiousInterview #InvisibleFerret #T1562.001 #T1016 #T1027 #T1566.003 #T1560.001 #T1543.003 #T1082 #T1059.003 #T1567.002 #T1041 #T1219 #T1578 #T1204.002 #T1571 #T1071.001 #T1195.002 #T1115 #T1083 #T1555.003 #T1056.001
« Back