What is a supply chain attack?
Also referred to as a value-chain attack, or a third-party attack, a supply chain attack is a type of cyberattack that
targets a trusted third-party supplier who offers services or software vital to the supply chain. There are two types
of supply chain attacks:
• Software supply chain attacks: Inject malicious code into an application to infect all users of an app
• Hardware supply chain attacks: Compromise physical components to infect end-users
The goal of these attacks is typically to gain access to sensitive environments, steal sensitive data, or gain remote
control over systems.
Many cyber attacks we hear about are supply chain attacks, even though they are not always called this. What
describes a supply chain attack is its penetration vector. As long as the attacker uses a service or a technology
provided by a vendor to access the victim, it is a supply chain attack.
