MITRE ATT&CK Technique
Persistence
T1542.001
Description
Adversaries may modify system firmware to persist on systems.The BIOS (Basic Input/Output System) and The Unified Extensible Firmware Interface (UEFI) or Extensible Firmware Interface (EFI) are examples of system firmware that operate as the software interface between the operating system and hardware of a computer.(Citation: Wikipedia BIOS)(Citation: Wikipedia UEFI)(Citation: About UEFI) System firmware like BIOS and (U)EFI underly the functionality of a computer and may be modified by an adversary to perform or assist in malicious activity. Capabilities exist to overwrite the system firmware, which may give sophisticated adversaries a means to install malicious firmware updates as a means of persistence on a system that may be difficult to detect.
Supported Platforms
Windows
Network Devices
Created
April 29, 2026
Last Updated
April 29, 2026
STIX Data
{'created': '2019-12-19T19:43:34.507Z',
'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'description': 'Adversaries may modify system firmware to persist on '
'systems.The BIOS (Basic Input/Output System) and The Unified '
'Extensible Firmware Interface (UEFI) or Extensible Firmware '
'Interface (EFI) are examples of system firmware that operate '
'as the software interface between the operating system and '
'hardware of a computer.(Citation: Wikipedia BIOS)(Citation: '
'Wikipedia UEFI)(Citation: About UEFI)\n'
'\n'
'System firmware like BIOS and (U)EFI underly the '
'functionality of a computer and may be modified by an '
'adversary to perform or assist in malicious activity. '
'Capabilities exist to overwrite the system firmware, which '
'may give sophisticated adversaries a means to install '
'malicious firmware updates as a means of persistence on a '
'system that may be difficult to detect.',
'external_references': [{'external_id': 'T1542.001',
'source_name': 'mitre-attack',
'url': 'https://attack.mitre.org/techniques/T1542/001'},
{'description': 'Beek, C., Samani, R. (2017, March '
'8). CHIPSEC Support Against Vault 7 '
'Disclosure Scanning. Retrieved March '
'13, 2017.',
'source_name': 'McAfee CHIPSEC Blog',
'url': 'https://securingtomorrow.mcafee.com/business/chipsec-support-vault-7-disclosure-scanning/'},
{'description': 'Butterworth, J. (2013, July 30). '
'Copernicus: Question Your '
'Assumptions about BIOS Security. '
'Retrieved December 11, 2015.',
'source_name': 'MITRE Copernicus',
'url': 'http://www.mitre.org/capabilities/cybersecurity/overview/cybersecurity-blog/copernicus-question-your-assumptions-about'},
{'description': 'Intel Security. (2005, July 16). '
"HackingTeam's UEFI Rootkit Details. "
'Retrieved November 17, 2024.',
'source_name': 'Intel HackingTeam UEFI Rootkit',
'url': 'https://web.archive.org/web/20170313124421/http://www.intelsecurity.com/advanced-threat-research/content/data/HT-UEFI-rootkit.html'},
{'description': 'Intel. (2017, March 18). CHIPSEC '
'Platform Security Assessment '
'Framework. Retrieved March 20, 2017.',
'source_name': 'Github CHIPSEC',
'url': 'https://github.com/chipsec/chipsec'},
{'description': 'UEFI Forum. (n.d.). About UEFI '
'Forum. Retrieved January 5, 2016.',
'source_name': 'About UEFI',
'url': 'http://www.uefi.org/about'},
{'description': 'Upham, K. (2014, March). Going Deep '
'into the BIOS with MITRE Firmware '
'Security Research. Retrieved January '
'5, 2016.',
'source_name': 'MITRE Trustworthy Firmware '
'Measurement',
'url': 'http://www.mitre.org/publications/project-stories/going-deep-into-the-bios-with-mitre-firmware-security-research'},
{'description': 'Wikipedia. (2017, July 10). Unified '
'Extensible Firmware Interface. '
'Retrieved July 11, 2017.',
'source_name': 'Wikipedia UEFI',
'url': 'https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface'},
{'description': 'Wikipedia. (n.d.). BIOS. Retrieved '
'January 5, 2016.',
'source_name': 'Wikipedia BIOS',
'url': 'https://en.wikipedia.org/wiki/BIOS'}],
'id': 'attack-pattern--16ab6452-c3c1-497c-a47d-206018ca1ada',
'kill_chain_phases': [{'kill_chain_name': 'mitre-attack',
'phase_name': 'persistence'},
{'kill_chain_name': 'mitre-attack',
'phase_name': 'defense-evasion'}],
'modified': '2025-10-24T17:48:26.714Z',
'name': 'System Firmware',
'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
'revoked': False,
'spec_version': '2.1',
'type': 'attack-pattern',
'x_mitre_attack_spec_version': '3.2.0',
'x_mitre_contributors': ['Jean-Ian Boutin, ESET', 'McAfee', 'Ryan Becwar'],
'x_mitre_deprecated': False,
'x_mitre_detection': '',
'x_mitre_domains': ['enterprise-attack'],
'x_mitre_is_subtechnique': True,
'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
'x_mitre_platforms': ['Windows', 'Network Devices'],
'x_mitre_version': '1.2'}