A supply chain attack is a tactic used by hackers to compromise third-party suppliers to major corporations, governments and organizations to gain valuable information.
By using a trojan horse update, the hackers gained access to a vast amount of sensitive and possibly top-secret information held by branches of the military, the state department, and the pentagon. The extent of the breach is still unknown and many estimate that it will take more than a year to recover and fully remove any threat of lingering surveillance.
The Solar Winds example is a classic case of how devastating a supply chain attack can be. Since so many modern operations rely on software and services from third-party suppliers like cybersecurity firms, it is increasingly difficult to keep systems safe. Supply chain attacks go beyond cybercrime and begin to enter the arena of cyber warfare. In the coming years, supply chain attacks could be used for extortion, surveillance and to gain control over sensitive networks.