|Tactic||Defense Evasion, Persistence|
|System Requirements||Ability to update component device firmware from the host operating system.|
|Defense Bypassed||Anti-virus, File monitoring, Host intrusion prevention systems|
Some adversaries may employ sophisticated means to compromise computer components and install malicious firmware that will execute adversary code outside of the operating system and main system firmware or BIOS. This technique may be similar to System Firmware but conducted upon other system components that may not have the same capability or level of integrity checking. Malicious device firmware could provide both a persistent level of access to systems despite potential typical failures to maintain access and hard disk re-images, as well as a way to evade host software-based defenses and integrity checks.
- The Equation group is known to have the capability to overwrite the firmware on hard drives from some manufacturers.1