The principal security analyst for a global manufacturer is investigating a security incident related

to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting

process, and the following issue was identified when the controller was restarted:

SECURE BOOT FAILED:

FIRMWARE MISMATCH EXPECTED $0$xFDC$479$ ACTUAL $0$x$79$F$31$B

During the investigation, this modified firmware version was identified on several other controllers

at the site. The official vendor firmware versions do not have this checksum. Which of the

following stages of the MITRE ATT&CK framework for ICS includes this technique?

A$.$ Evasion

B$.$ Persistence

C$.$ Collection

D$.$ Lateral movement