Security News > 2021 > January > Russian Hack of US Agencies Exposed Supply Chain Weaknesses
In general terms, a supply chain refers to the network of people and companies involved in the development of a particular product, not dissimilar to a home construction project that relies on a contractor and a web of subcontractors.
The most recent case targeting federal agencies involved Russian government hackers who are believed to have sneaked malicious code into popular software that monitors computer networks of businesses and governments.
For hackers, the business model of directly targeting a supply chain is sensible.
A Government Accountability Office report from December said a review of 23 agencies' protocols for assessing and managing supply chain risks found that only a few had implemented each of seven "Foundational practices" and 14 had implemented none.
The government's formal counterintelligence strategy made reducing threats to the supply chain one of five core pillars.
Perhaps the best-known supply chain intrusion before SolarWinds is the NotPetya attack in which malicious code found to have been planted by Russian military hackers was unleashed through an automatic update of Ukrainian tax-preparation software, called MeDoc.
News URL
Related news
- US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’ (source)
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers (source)
- US warns of last-minute Iranian and Russian election influence ops (source)
- US govt officials’ communications compromised in recent telecom hack (source)
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion (source)