What is a Supply Chain Attack?
An attack that compromises a target by infiltrating a trusted supplier, vendor, or software dependency in their supply chain.
Supply chain attacks exploit trust relationships — if you trust a software library or hardware vendor, compromising them compromises you.
Software Supply Chain
- SolarWinds (2020): Russian hackers inserted malware into a software update used by 18,000 organizations, including US government agencies
- event-stream (2018): A popular npm package was compromised to steal cryptocurrency
- xz Utils (2024): A sophisticated backdoor was inserted into a critical Linux compression library
Hardware Supply Chain
- Intercepting devices during shipping to implant surveillance hardware
- Compromising chip manufacturers to insert hardware backdoors
- Counterfeit components with hidden functionality
Protection
- Keep software updated (but verify updates when possible)
- Use software with reproducible builds
- Prefer open-source dependencies that are widely audited
- Implement Software Bill of Materials (SBOM) tracking
- For hardware: buy from trusted vendors, inspect for tampering
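As an added illustration of the "verify updates" and SBOM-tracking items above (example code written for this page, not code from the original glossary; every component name, version, hash and byte string is constructed), the script below pins the hash of a vetted release, rejects a modified download, and flags components that are resolved at install time but missing from or differing from the SBOM:

```python
"""Added example: pinned-hash verification of an update plus an SBOM drift check.
All names and data are constructed for illustration."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of an artifact, hex encoded."""
    return hashlib.sha256(data).hexdigest()


def verify_artifact(data: bytes, pinned_hash: str) -> bool:
    """Accept an update only if it matches the hash recorded when it was vetted."""
    return sha256_hex(data) == pinned_hash


def sbom_drift(sbom_json: str, resolved: dict) -> dict:
    """Compare the components actually resolved against those declared in the SBOM.
    Returns component names that are not in the SBOM at all ('unlisted') and
    names whose resolved version differs from the declared one ('version_mismatch')."""
    sbom = json.loads(sbom_json)
    declared = {c["name"]: c["version"] for c in sbom["components"]}
    unlisted = sorted(name for name in resolved if name not in declared)
    mismatch = sorted(name for name, ver in resolved.items()
                      if name in declared and declared[name] != ver)
    return {"unlisted": unlisted, "version_mismatch": mismatch}


# Constructed sample data (hypothetical tool and library names).
GOOD_UPDATE = b"example-tool v2.1.0 release archive (constructed bytes)"
PINNED_HASH = sha256_hex(GOOD_UPDATE)  # recorded when the release was reviewed
TAMPERED_UPDATE = GOOD_UPDATE + b"\n# extra bytes appended after the review"

SBOM = json.dumps({"components": [
    {"name": "example-tool", "version": "2.1.0"},
    {"name": "compress-lib", "version": "1.4.2"},
]})
RESOLVED_OK = {"example-tool": "2.1.0", "compress-lib": "1.4.2"}
# A new transitive dependency and a bumped library version that nobody reviewed.
RESOLVED_DRIFT = {"example-tool": "2.1.0", "compress-lib": "1.4.3",
                  "stream-helper": "0.1.1"}

if __name__ == "__main__":
    print("genuine update accepted:", verify_artifact(GOOD_UPDATE, PINNED_HASH))
    print("tampered update accepted:", verify_artifact(TAMPERED_UPDATE, PINNED_HASH))
    print("SBOM drift:", sbom_drift(SBOM, RESOLVED_DRIFT))
```

The same two checks apply to hardware only by analogy; for devices the page's advice (trusted vendors, tamper inspection) remains the practical control.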
Related Terms
Backdoor
A hidden method of bypassing normal authentication or encryption in a computer system. Backdoors may be intentionally built in (for maintenance or surveillance) or secretly inserted by attackers. In privacy contexts, backdoors refer to deliberate weaknesses that allow authorities to access encrypted data.
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Malware includes viruses, ransomware, spyware, trojans, and worms—each with different infection methods and objectives.
Open Source
Software whose source code is made freely available for anyone to view, modify, and distribute. In privacy tools, open source allows independent security researchers to verify that the software does what it claims and contains no backdoors or hidden surveillance capabilities.