Build Pipeline Manipulation

Build Pipeline Manipulation is a specialized sub-technique of the Compromised Code Signing and Build Infrastructure technique, which falls under the Resource Development tactic. Adversaries interfere with automated software build environments to inject malicious code into legitimate applications before they are distributed to end users. This sophisticated supply chain attack vector targets components of the continuous integration/continuous deployment (CI/CD) pipeline, including build servers, configuration management systems, and automated testing frameworks. Attackers may compromise these systems by exploiting vulnerabilities in build tools, manipulating build scripts, injecting malicious dependencies, or leveraging compromised credentials of developers or operations personnel with pipeline access. The method is particularly insidious because the resulting compromised software is properly signed and authenticated through legitimate channels, which makes detection extremely difficult. High-profile examples include the SolarWinds SUNBURST attack, in which adversaries modified the build process to inject a backdoor into software updates, allowing them to bypass traditional security measures and gain access to thousands of organizations' networks.
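The following added example (not part of the original page) shows why a valid signature alone does not reveal a manipulated build, and how comparing the shipped artifact against an independent rebuild from reviewed source does. The toy `build` function, the HMAC standing in for a real code-signing scheme, and all file names and contents are assumptions constructed for illustration.

```python
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # assumption: stand-in for the vendor's signing key


def build(sources: dict) -> bytes:
    """Toy deterministic build: identical inputs always yield identical bytes."""
    out = bytearray()
    for path in sorted(sources):
        out += path.encode() + b"\0" + sources[path] + b"\0"
    return bytes(out)


def sign(artifact: bytes) -> str:
    """The release stage signs whatever bytes the build stage hands it."""
    return hmac.new(SIGNING_KEY, artifact, hashlib.sha256).hexdigest()


def signature_ok(artifact: bytes, signature: str) -> bool:
    return hmac.compare_digest(sign(artifact), signature)


def matches_independent_rebuild(artifact: bytes, reviewed_sources: dict) -> bool:
    """Rebuild from reviewed source on separate infrastructure, then compare digests."""
    expected = hashlib.sha256(build(reviewed_sources)).digest()
    return hmac.compare_digest(hashlib.sha256(artifact).digest(), expected)


def assess(artifact: bytes, signature: str, reviewed_sources: dict) -> dict:
    return {"signature_valid": signature_ok(artifact, signature),
            "matches_rebuild": matches_independent_rebuild(artifact, reviewed_sources)}


# Constructed sample: the source as it exists in version control.
REVIEWED = {"app/main.py": b"print('hello')\n", "app/util.py": b"def f(): return 1\n"}
# Constructed sample: the build host's working copy differs from version control.
ON_BUILD_HOST = dict(REVIEWED, **{"app/util.py": b"def f(): return 2  # altered\n"})

clean = build(REVIEWED)
tampered = build(ON_BUILD_HOST)
CLEAN_RESULT = assess(clean, sign(clean), REVIEWED)
TAMPERED_RESULT = assess(tampered, sign(tampered), REVIEWED)

if __name__ == "__main__":
    print("clean   :", CLEAN_RESULT)
    print("tampered:", TAMPERED_RESULT)
```

The comparison only works when the real build is reproducible, so that a rebuild from the same source is byte-identical to the released artifact.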