Project File Infection (T0873)

Technique & Subtechniques

  • Project File Infection

Associated Tactics

  • Persistence

Persistence (TA0110)

The adversary is trying to maintain their foothold in your ICS environment. Persistence consists of techniques that adversaries use to maintain access to ICS systems and devices across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that allow them to secure their ongoing activity and keep their foothold on systems. This may include replacing or hijacking legitimate code, firmware, and other project files, or adding startup code and downloading programs onto devices.

Procedure Examples

Source(s)

  • Beckhoff. TwinCAT 3 Source Control: Project Files. Retrieved 2019/11/21.
  • Nicolas Falliere, Liam O Murchu, Eric Chien. (2011, February). W32.Stuxnet Dossier (Version 1.4). Retrieved 2017/09/22.
  • PLCdev. Siemens SIMATIC Step 7 Programmer's Handbook. Retrieved 2019/11/21.