New to CAPEC? Start Here
Home > CAPEC List > CAPEC-530: Provide Counterfeit Component (Version 3.9)  

CAPEC-530: Provide Counterfeit Component

Attack Pattern ID: 530
Abstraction: Detailed
View customized information:
+ Description
An attacker provides a counterfeit component during the procurement process of a lower-tier component supplier to a sub-system developer or integrator, which is then built into the system being upgraded or repaired by the victim, allowing the attacker to cause disruption or additional compromise.
+ Likelihood Of Attack


+ Typical Severity


+ Relationships
Section HelpThis table shows the other attack patterns and high level categories that are related to this attack pattern. These relationships are defined as ChildOf and ParentOf, and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as CanFollow, PeerOf, and CanAlsoBe are defined to show similar attack patterns that the user may want to explore.
ChildOfDetailed Attack PatternDetailed Attack Pattern - A detailed level attack pattern in CAPEC provides a low level of detail, typically leveraging a specific technique and targeting a specific technology, and expresses a complete execution flow. Detailed attack patterns are more specific than meta attack patterns and standard attack patterns and often require a specific protection mechanism to mitigate actual attacks. A detailed level attack pattern often will leverage a number of different standard level attack patterns chained together to accomplish a goal.531Hardware Component Substitution
Section HelpThis table shows the views that this attack pattern belongs to and top level categories within that view.
+ Prerequisites
Advanced knowledge about the target system and sub-components.
+ Skills Required
[Level: High]
Able to develop and manufacture malicious system components that resemble legitimate name-brand components.
+ Mitigations
There are various methods to detect if the component is a counterfeit. See section II of [REF-703] for many techniques.
+ Example Instances
The attacker, aware that the victim has contracted with an integrator for system maintenance and that the integrator uses commercial-off-the-shelf network hubs, develops their own network hubs with a built-in malicious capability for remote access, the malicious network hubs appear to be a well-known brand of network hub but are not. The attacker then advertises to the sub-system integrator that they are a legit supplier of network hubs, and offers them at a reduced price to entice the integrator to purchase these network hubs. The integrator then installs the attacker's hubs at the victim's location, allowing the attacker to remotely compromise the victim's network.
+ Taxonomy Mappings
Section HelpCAPEC mappings to ATT&CK techniques leverage an inheritance model to streamline and minimize direct CAPEC/ATT&CK mappings. Inheritance of a mapping is indicated by text stating that the parent CAPEC has relevant ATT&CK mappings. Note that the ATT&CK Enterprise Framework does not use an inheritance model as part of the mapping to CAPEC.
Relevant to the ATT&CK taxonomy mapping (see parent )
+ References
[REF-439] John F. Miller. "Supply Chain Attack Framework and Attack Patterns". The MITRE Corporation. 2013. <>.
[REF-698] Paul Wagner. "Combating Counterfeit Components in the DoD Supply Chain". Defence Systems Information Analysis Center. 2015. <>. URL validated: 2022-02-15.
[REF-703] Ujjwal Guin, Ke Huang, Daniel DiMase, John M. Carulli, Jr., Mohammad Tehranipoor and Yiorgos Makris. "Counterfeit Integrated Circuits: A Rising Threat in the Global Semiconductor Supply Chain". Proceedings of the IEEE. IEEE. 2014. <>. URL validated: 2022-02-15.
+ Content History
Submission DateSubmitterOrganization
(Version 2.6)
CAPEC Content TeamThe MITRE Corporation
Modification DateModifierOrganization
(Version 2.7)
CAPEC Content TeamThe MITRE Corporation
Updated Related_Attack_Patterns, Typical_Likelihood_of_Exploit
(Version 3.7)
CAPEC Content TeamThe MITRE Corporation
Updated Mitigations, References
Previous Entry Names
Change DatePrevious Entry Name
(Version 2.7)
Counterfeit Component Supplied
More information is available — Please select a different filter.
Page Last Updated or Reviewed: July 31, 2018