Program modification encompasses the addition and modification of instructions and logic contained in Program Organization Units (POU) 1 and similar programming elements found on controllers. Adversaries may modify or add a program on a controller to affect how it interacts with the physical process, peripheral devices and other hosts on the network. An easy point of access for an adversary is the Ethernet card, which may have its own CPU, RAM, and operating system. An adversary may stage an attack in advance and choose when to launch it, such as at a particularly damaging time.”]
Source: https://collaborate.mitre.org/attackics/index.php/Persistence