Component Firmware

From enterprise
Jump to: navigation, search
Component Firmware
ID T1109
Tactic Defense Evasion, Persistence
Platform Windows
System Requirements Ability to update component device firmware from the host operating system.
Permissions Required SYSTEM
Defense Bypassed Anti-virus, File monitoring, Host intrusion prevention systems

Some adversaries may employ sophisticated means to compromise computer components and install malicious firmware that will execute adversary code outside of the operating system and main system firmware or BIOS. This technique may be similar to System Firmware but conducted upon other system components that may not have the same capability or level of integrity checking. Malicious device firmware could provide both a persistent level of access to systems despite potential typical failures to maintain access and hard disk re-images, as well as a way to evade host software-based defenses and integrity checks.


  • The Equation group is known to have the capability to overwrite the firmware on hard drives from some manufacturers.1