"to three of the vendor ’ s storage accounts. the accounts contain msi installers and autodesk revit architectural model files — extension revit family architecture ( rfa ) – potentially distributed to other customers. - trend zero day initiative™ ( zdi ) has discovered multiple r…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.002Compromise Software Supply Chain
73%
", an official subdomain, and a microsoft - owned url shortener service. ultimately, these cases are not just about specific vendors or vulnerabilities – they are strong reminders that in software supply chains, trust must be proactively earned, verified, and continually reassesse…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.001Compromise Software Dependencies and Development Tools
71%
"that could have enabled a full - blown supply chain attack. this case reinforces the following key points : - just because dlls are digitally signed, they are not inherently secure. trust indicators must be backed by thorough internal review and static analysis throughout the dev…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1552.001Credentials In Files
70%
"used with autodesk revit to examine models of products. the storage account contained the rfa files for various axis products, such as security cameras and radars, as listed on their website. exchange of zdi reports and vendor fixes as the credentials allowed potentially unintend…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.002Compromise Software Supply Chain
63%
"that could have enabled a full - blown supply chain attack. this case reinforces the following key points : - just because dlls are digitally signed, they are not inherently secure. trust indicators must be backed by thorough internal review and static analysis throughout the dev…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
63%
"the previous releases of axis plugin for autodesk revit msi installers, including the msi installer for version 25. 3. 710 reported earlier. this in turn contained valid unrotated credentials for the storage account “ axiscontentfiles ” first found in version 25. 3. 710 as zdi - …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
61%
"named “ azureblobrestapi. dll ” issued to “ aec advanced engineering computation aktiebolag, ” as seen in figure 1. the dll was signed by aec ab, an autodesk partner that consults customers about autocad and revit platforms. exposed credentials in signed dlls is an uncommon sight…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
56%
". as for the autodesk revit rfa files, we still had another question left to pursue : how much could an attacker achieve by tampering with the rfa files within the storage account? the rfa files in the storage account are used by end customers within autodesk revit. vulnerabiliti…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.001Compromise Software Dependencies and Development Tools
54%
"to three of the vendor ’ s storage accounts. the accounts contain msi installers and autodesk revit architectural model files — extension revit family architecture ( rfa ) – potentially distributed to other customers. - trend zero day initiative™ ( zdi ) has discovered multiple r…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1525Implant Internal Image
44%
"a cascade of insecure architectures : axis plugin design flaw expose select autodesk revit users to supply chain risk cloud a cascade of insecure architectures : axis plugin design flaw expose select autodesk revit users to supply chain risk we discovered azure storage account cr…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.002Compromise Software Supply Chain
42%
"25. 3. 718 ), released in march, contains patches that resolve all previously reported issues. additionally, the vulnerable version ( 25. 3. 710 ), has been removed from their storage, ensuring it can no longer be used to upload or download content. users must upgrade to version …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1485Data Destruction
32%
"##unts - 010 ) ensure that soft delete feature is enabled for your microsoft azure storage blob objects. - review storage accounts with static website configuration ( storageaccounts - 017 ) ensure that azure storage accounts with static website configuration are regularly review…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1195.001Compromise Software Dependencies and Development Tools
31%
"not just about specific vendors or vulnerabilities – they are strong reminders that in software supply chains, trust must be proactively earned, verified, and continually reassessed. a single misstep in plugin security, credential handling, or file exposure can have cascading con…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users.