Build Environment Poisoning

Build Environment Poisoning is a sophisticated form of Supply Chain Compromise where attackers manipulate the development or build infrastructure used to create software applications rather than directly modifying the source code. Within the Gain Access phase, this sub-technique targets the integrity of the build pipeline, including Continuous Integration/Continuous Deployment (CI/CD) systems, build servers, development environments, or build tools. Attackers may inject malicious code during compilation or linking stages, compromise build scripts, modify build configurations, or manipulate dependencies that are automatically pulled during builds. The compromised build environment can then produce apparently legitimate software artifacts that contain backdoors or other malicious capabilities. This approach is particularly effective because it bypasses code reviews and source code scanning tools, as the malicious code is only introduced during the build process. Once the tainted software is distributed through official channels, it provides attackers with unauthorized access to systems where the compromised software is deployed, allowing lateral movement within targeted organizations while maintaining a trusted appearance.
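
Because the tampering described above never appears in source control, one defensive check is to rebuild the same source on an independent host and compare the result with the released artifact. The following is an added example, not part of the original page: it assumes the build is reproducible (bit-for-bit identical output for identical source), and the function names, file names and sample archives are hypothetical, constructed for illustration.

```python
import hashlib
import io
import tarfile


def make_tar(files):
    """Build an in-memory tar archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def manifest(tar_bytes):
    """Map each regular file in the archive to the SHA-256 of its contents."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                digests[member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare_builds(released, rebuilt):
    """Diff a released artifact against an independent rebuild of the same source."""
    rel, ref = manifest(released), manifest(rebuilt)
    return {
        "only_in_release": sorted(rel.keys() - ref.keys()),
        "missing_from_release": sorted(ref.keys() - rel.keys()),
        "content_differs": sorted(n for n in rel.keys() & ref.keys() if rel[n] != ref[n]),
    }


# Constructed sample: same source, two build hosts; the pipeline output has drifted.
REBUILT = make_tar({"bin/app": b"\x7fELF-clean", "lib/util.so": b"util-v1",
                    "VERSION": b"1.0\n"})
RELEASED = make_tar({"bin/app": b"\x7fELF-clean+extra", "lib/util.so": b"util-v1",
                     "VERSION": b"1.0\n", "lib/hook.so": b"unexpected"})

if __name__ == "__main__":
    for kind, names in compare_builds(RELEASED, REBUILT).items():
        print(f"{kind}: {names}")
```

Any non-empty result means the released artifact cannot be explained by the reviewed source alone and the build host that produced it should be investigated.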