System Firmware (T0857)

View on ATT&CK

In Playbook

Technique & Subtechniques

  • System Firmware

Associated Tactics

  • Persistence
  • Inhibit Response Function

Persistence (TA0110)

The adversary is trying to maintain their foothold in your ICS environment. Persistence consists of techniques that adversaries use to maintain access to ICS systems and devices across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that allow them to secure their ongoing activity and keep their foothold on systems. This may include replacing or hijacking legitimate code, firmware, and other project files, or adding startup code and downloading programs onto devices.

View on ATT&CK

Procedure Examples

Description Source(s)
Basnight, Zachry, et al. 2013 Retrieved. 2017/10/17 Basnight, Zachry, et al.