MITRE ATT&CK Technique
Description
Adversaries may modify component firmware to persist on systems. Some adversaries may employ sophisticated means to compromise computer components and install malicious firmware that will execute adversary code outside of the operating system and main system firmware or BIOS. This technique may be similar to [System Firmware](https://attack.mitre.org/techniques/T1542/001) but conducted upon other system components/devices that may not have the same capability or level of integrity checking. Malicious component firmware could provide both a persistent level of access to systems despite potential typical failures to maintain access and hard disk re-images, as well as a way to evade host software-based defenses and integrity checks.
Supported Platforms
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2019-12-19T20:21:21.669Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may modify component firmware to persist on '
'systems. Some adversaries may employ sophisticated means to '
'compromise computer components and install malicious firmware '
'that will execute adversary code outside of the operating '
'system and main system firmware or BIOS. This technique may '
'be similar to [System '
'Firmware](https://attack.mitre.org/techniques/T1542/001) but '
'conducted upon other system components/devices that may not '
'have the same capability or level of integrity checking.\n'
'\n'
'Malicious component firmware could provide both a persistent '
'level of access to systems despite potential typical failures '
'to maintain access and hard disk re-images, as well as a way '
'to evade host software-based defenses and integrity checks.',
'external_references': [{'external_id': 'T1542.002',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1542/002'},
{'description': 'Pinola, M. (2014, December 14). 3 '
"tools to check your hard drive's "
"health and make sure it's not "
'already dying on you. Retrieved '
'November 17, 2024.',
'source_name': 'ITWorld Hard Disk Health Dec 2014',
'url': 'https://www.computerworld.com/article/1484887/3-tools-to-check-your-hard-drives-health-and-make-sure-its-not-already-dying-on-you.html'},
{'description': 'SanDisk. (n.d.). Self-Monitoring, '
'Analysis and Reporting Technology '
'(S.M.A.R.T.). Retrieved October 2, '
'2018.',
'source_name': 'SanDisk SMART'},
{'description': 'smartmontools. (n.d.). '
'smartmontools. Retrieved October 2, '
'2018.',
'source_name': 'SmartMontools',
'url': 'https://www.smartmontools.org/'}],
'id': 'attack-pattern--791481f8-e96a-41be-b089-a088763083d4',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'persistence'},
{'kill_chain_name': 'mitre-attack',
'phase_name': 'defense-evasion'}],
'modified': '2025-10-24T17:48:59.147Z',
'name': 'Component Firmware',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': True,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['Windows', 'Linux', 'macOS'],
'x_mitre_version': '1.2'}