Security News > 2021 > January > Russian Hack of US Agencies Exposed Supply Chain Weaknesses
In general terms, a supply chain refers to the network of people and companies involved in the development of a particular product, not dissimilar to a home construction project that relies on a contractor and a web of subcontractors.
The most recent case targeting federal agencies involved Russian government hackers who are believed to have sneaked malicious code into popular software that monitors computer networks of businesses and governments.
For hackers, the business model of directly targeting a supply chain is sensible.
A Government Accountability Office report from December said a review of 23 agencies' protocols for assessing and managing supply chain risks found that only a few had implemented each of seven "Foundational practices" and 14 had implemented none.
The government's formal counterintelligence strategy made reducing threats to the supply chain one of five core pillars.
Perhaps the best-known supply chain intrusion before SolarWinds is the NotPetya attack in which malicious code found to have been planted by Russian military hackers was unleashed through an automatic update of Ukrainian tax-preparation software, called MeDoc.
News URL
Related news
- HPE notifies employees of data breach after Russian Office 365 hack (source)
- A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) (source)
- Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from (source)
- Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (source)
- GitHub Action hack likely led to another in cascading supply chain attack (source)
- Chinese military-linked companies dominate US digital supply chain (source)
- Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US (source)