A supply chain attack is a type of cyberattack that targets a trusted third-party vendor who offers
services or software vital to the supply chain. Software supply chain attacks inject malicious code into
an application in order to infect all users of that application. The purpose of targeting software vendors in a
supply chain attack is to take advantage of a trusted software delivery method, such as an update or
a download, that can reach a large number of potential victims. By compromising a software vendor,
an attacker can bypass the security measures of the downstream organizations and gain access to
their systems, data, or networks.