
Supply chain attack

MITRE ATT&CK layer: Initial Access

A supply chain attack is a technique in which an attacker compromises a trusted vendor, software provider, or service to gain indirect access to multiple target organizations. It exploits implicit trust in software updates, third‑party tools, and vendor relationships rather than attacking victims directly.

How a supply chain attack is abused

Attackers infiltrate a vendor’s development, build, or update infrastructure and insert malicious code into legitimate software or updates. When customers deploy the trusted software, attackers gain persistent access to internal environments, enabling credential theft, lateral movement, data exfiltration, or further malware deployment without raising suspicion.

Why supply chain attacks matter

Supply chain attacks allow a single compromise to cascade across thousands of organizations simultaneously. Because the intrusion originates from trusted software, traditional security controls are bypassed, detection is delayed, and attackers can operate at scale, resulting in widespread espionage, data breaches, regulatory exposure, and long‑term loss of trust.

Real-world example

XZ Utils Supply Chain Attack

In 2024, malicious code was deliberately introduced into the XZ Utils open‑source compression library by a trusted maintainer, embedding a backdoor into official releases. The compromise threatened widespread impact across Linux distributions and enterprise systems, prompting emergency advisories and coordinated response from global cybersecurity authorities.
