The ‘SolarWinds’ Hacks Show Supply Chain Attacks Are Business as Usual
https://www.vice.com/en_us/article/z3vz74/the-solarwinds-hacks-show-supply-chain-attacks-are-business-as-usual
Over the weekend, Reuters reported that foreign government hackers breached the U.S. Treasury Department. Soon after, more details of the hack came out, and it turned out that the government agency was just one of at least 18,000 networks infiltrated by alleged Russian government hackers, who used a poisoned software update from the IT management system SolarWinds to get into the victim's systems.
In other words, this was a classic example of the much-feared supply chain attack, where hackers hit several victims by first infiltrating a third party provider that has access to their customers' networks.