CyberGlossary

Attacks & Threats

Supply Chain Attack

Also known as: Third-party attack, Vendor compromise

Definition

An attack that compromises a trusted third-party software, hardware, or service provider in order to reach its downstream customers.

A supply chain attack targets the development, build, or distribution pipeline of a vendor so that malicious code, components, or updates are delivered as legitimate products to many victims at once. Notable techniques include compromising source-code repositories, injecting backdoors into build systems, poisoning open-source dependencies, abusing managed-service-provider access, and tampering with hardware during manufacture. Because the malicious artefact is signed and trusted, traditional perimeter defences rarely detect it. Mitigations rely on software bill of materials (SBOM), signed and reproducible builds, dependency pinning, vendor risk management, zero-trust principles, network segmentation, and continuous monitoring for anomalous post-update behaviour.

Examples

  • Attackers inject a backdoor into a software vendor's signed update, infecting thousands of customers through routine patching.
  • A malicious package is published to a public package registry with a name similar to a popular library.
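As an added example, not part of the glossary entry, the following Python check applies two of the mitigations named above, dependency pinning and screening for lookalike package names such as the one in the second example, to a constructed requirements file; the allowlist of known packages and the sample file are assumptions for the demonstration.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist of approved package names. In practice this would come
# from the organisation's SBOM or approved-dependency inventory (assumption).
KNOWN_PACKAGES = {"requests", "numpy", "cryptography", "urllib3", "pyyaml"}

# Constructed sample requirements file: one fully pinned entry, two unpinned
# entries, and one entry whose name is one letter away from a popular library.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0 --hash=sha256:0123abcd
numpy>=1.26
requets==2.31.0 --hash=sha256:deadbeef
cryptography
"""
ENTRY_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(.*)$")

def similar_to_known(name, known=KNOWN_PACKAGES, threshold=0.85):
    """Return the approved package that `name` closely resembles, or None.
    An exact match is legitimate; a near-miss is a typosquat candidate."""
    name = name.lower()
    if name in known:
        return None
    for candidate in known:
        if SequenceMatcher(None, name, candidate).ratio() >= threshold:
            return candidate
    return None

def audit_requirements(text):
    """Return (package, finding) pairs for entries that are not pinned to an
    exact version, lack a --hash integrity value, or resemble a known name."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if not m:  # options such as "-r other.txt" are not package entries
            continue
        name, rest = m.group(1), m.group(2)
        if not re.match(r"^\s*==\s*\S+", rest):
            findings.append((name, "not pinned to an exact version"))
        if "--hash=" not in rest:
            findings.append((name, "no --hash integrity value"))
        lookalike = similar_to_known(name)
        if lookalike:
            findings.append((name, f"name resembles known package '{lookalike}'"))
    return findings
```

Running `audit_requirements(SAMPLE_REQUIREMENTS)` flags `numpy` and `cryptography` as unpinned and unhashed, and `requets` as a lookalike of `requests`, while the fully pinned `requests` entry passes.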

Related terms