New to CAPEC? Start Here
Home > CAPEC List > CAPEC-524: Rogue Integration Procedures (Version 3.9)  

CAPEC-524: Rogue Integration Procedures

Attack Pattern ID: 524
Abstraction: Standard
View customized information:
+ Description
An attacker alters or establishes rogue processes in an integration facility in order to insert maliciously altered components into the system. The attacker would then supply the malicious components. This would allow for malicious disruption or additional compromise when the system is deployed.
+ Likelihood Of Attack


+ Typical Severity


+ Relationships
Section HelpThis table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
ChildOfMeta Attack PatternMeta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.439Manipulation During Distribution
Section HelpThis table shows the views that this attack pattern belongs to and top level categories within that view.
+ Prerequisites
Physical access to an integration facility that prepares the system before it is deployed at the victim location.
+ Skills Required
[Level: High]
Advanced knowledge of the design of the system.
[Level: High]
Hardware creation and manufacture of replacement components.
+ Mitigations
Deploy strong code integrity policies to allow only authorized apps to run.
Use endpoint detection and response solutions that can automaticalkly detect and remediate suspicious activities.
Maintain a highly secure build and update infrastructure by immediately applying security patches for OS and software, implementing mandatory integrity controls to ensure only trusted tools run, and requiring multi-factor authentication for admins.
Require SSL for update channels and implement certificate transparency based verification.
Sign everything, including configuration files, XML files and packages.
Develop an incident response process, disclose supply chain incidents and notify customers with accurate and timely information.
Maintain strong physical system access controls and monitor networks and physical facilities for insider threats.
+ Example Instances
An attacker gains access to a system integrator's documentation for the preparation of purchased systems designated for deployment at the victim's location. As a part of the preparation, the included 100 megabit network card is to be replaced with a 1 gigabit network card. The documentation is altered to reflect the type of 1 gigabit network card to use, and the attacker ensures that this type of network card is provided by the attacker's own supply. The card has additional malicious functionality which will allow for additional compromise by the attacker at the victim location once the system is deployed.
+ Taxonomy Mappings
Section HelpCAPEC mappings to ATT&CK techniques leverage an inheritance model to streamline and minimize direct CAPEC/ATT&CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant ATT&CK mappings. Note that the ATT&CK Enterprise Framework does not use an inheritance model as part of the mapping to CAPEC.
Relevant to the ATT&CK taxonomy mapping (see parent )
+ References
[REF-439] John F. Miller. "Supply Chain Attack Framework and Attack Patterns". The MITRE Corporation. 2013. <>.
[REF-716] Daniel Simpson, Dani Halfin, Andrews Mariano Gorzelany and Beth Woodbury. "Supply chain attacks". Microsoft. 2021-10-28. <>. URL validated: 2022-02-21.
+ Content History
Submission DateSubmitterOrganization
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modification DateModifierOrganization
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Typical_Likelihood_of_Exploit
(Version 3.3)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns
(Version 3.7)
CAPEC Content TeamThe MITRE Corporation
Updated Mitigations, References
More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2018