Warning on SolarWinds-like supply-chain attacks: 'They're just getting bigger'
Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company's servers along with those at federal agencies and tech giants including Microsoft and Intel.
"It was similar to a fraternity rush - the best experience I never want to do again," Scales, head of incident response at Mandiant, told The Register.
"It was quite intense. Little did we know we were going to be in the middle of the supply-chain attack of the decade."
This, of course, was the SolarWinds attack, which has since been attributed to Russia's Cozy Bear gang. In addition to being the most high-profile supply-chain breach, it also took place during the COVID-19 lockdown, so the IR team's war room was entirely virtual.
"It seems that supply chain attacks are just on the rise." And these days, criminals are especially keen on attacking open source software libraries, he noted.
As Scales told us: "This problem is not going away - it's just going to get bigger."
News URL
https://go.theregister.com/feed/www.theregister.com/2023/03/03/solarwinds_supplychain_security/