Identify supply chains

Supply chains include the people, processes, and technologies used to move a product or service from a supplier to a consumer. Understanding supply chains may provide an adversary with opportunities to exploit the people, their positions, and relationships, that are part of the supply chain. [1] [2]

ID: T1265
Sub-techniques:  No sub-techniques
Tactic: People Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018

Similar Techniques by Tactic

Tactic Technique
Organizational Information Gathering Identify supply chains
Technical Information Gathering Identify supply chains


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Searching publicly available sources that cannot be monitored by a defender.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): No

Explanation: Requires an intensive process to obtain the full picture. It is possible to obtain basic information/some aspects via OSINT. May be easier in certain industries where there are a limited number of suppliers (e.g., SCADA).


  1. Drew Smith. (2015). Is your supply chain safe from cyberattacks?. Retrieved March 5, 2017.
  1. CERT-UK. (2016, October 01). Cyber-security risks in the supply chain. Retrieved March 5, 2017.