# Supply chain attack **MITRE ATTACK layer: Initial Access** Supply chain attack is a technique where an attacker compromises a trusted vendor, software provider, or service to gain indirect access to multiple target organizations. It exploits implicit trust in software updates, third‑party tools, and vendor relationships rather than attacking victims directly. ## How is Supply chain attack abused Attackers infiltrate a vendor’s development, build, or update infrastructure and insert malicious code into legitimate software or updates. When customers deploy the trusted software, attackers gain persistent access to internal environments, enabling credential theft, lateral movement, data exfiltration, or further malware deployment without raising suspicion. ## Why Supply chain attack matters Supply chain attacks allow a single compromise to cascade across thousands of organizations simultaneously. Because the intrusion originates from trusted software, traditional security controls are bypassed, detection is delayed, and attackers can operate at scale, resulting in widespread espionage, data breaches, regulatory exposure, and long‑term loss of trust. ## Real-world example ### XZ Utils Supply Chain Attack In 2024, malicious code was deliberately introduced into the XZ Utils open‑source compression library by a trusted maintainer, embedding a backdoor into official releases. The compromise threatened widespread impact across Linux distributions and enterprise systems, prompting emergency advisories and coordinated response from global cybersecurity authorities. [Source](https://fortiguard.fortinet.com/threat-signal-report/5408) ## Related topics ### Advanced Persistent Threat [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/advanced-persistent-threat.html) ### Zero-Day Exploit [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/zero-day-exploit.html) ### Shadow IT [Read more](https://www.manageengine.com/products/desktop-central/attack-glossary/shadow-it.html) ## Additional Resources ### Achieve 442% ROI and reduce patching time by 95% — Forrester TEI Report See how organizations gained 442% ROI and major efficiency improvements with Endpoint Central. [Read more](https://www.manageengine.com/products/desktop-central/forrester-total-economic-impact-uems.html?utm_source=ec-attackglossary) ### Experience enterprise-grade protection proven in real-world tests — AV-Comparatives Report Discover how Endpoint Central’s antivirus earned recognition through rigorous, real-world security validation in just eight months. [Read more](https://www.manageengine.com/products/desktop-central/malware-protection-av-comparatives-dec2025.html?utm_source=ec-attack_glossary) ### Simplify endpoint security and build cyber resilience — Endpoint Security For Dummies Get a clear, practical guide to understanding threats and strengthening your organization’s security. [Read more](https://www.manageengine.com/products/desktop-central/endpoint-security-for-dummies.html?utm_source=ec_attack-glossary)