Back to Glossary

Supply Chain Attack

What Is Supply Chain Attack?

A supply chain attack is a type of cyberattack that targets the supply chain of an organization. It is a malicious attack that seeks to compromise the flow of goods and services from the supplier to the customer by targeting less-secure elements in the supply chain. Attackers exploit trust relationships between vendors, software providers, and their customers.

Description

Supply chain attacks can take many forms, including the insertion of malicious code into software updates, the compromise of hardware components, or the use of social engineering to gain access to supplier systems. Once the attacker has gained access to the supply chain, they can use it to distribute malware, steal data, or conduct other malicious activities. Supply chain attacks can also be conducted through phishing campaigns targeting suppliers or partners.

Usage and Examples

Supply chain attacks can target any organization that relies on third-party suppliers for goods or services. Examples of supply chain attacks include the SolarWinds attack, in which attackers inserted malicious code into a software update that was distributed to thousands of organizations, and the Target breach, in which attackers gained access to Target's network through a third-party HVAC vendor.

Access control

Advanced Persistent Threat

Adversarial Machine Learning

Adversary-in-the-Middle (AiTM) Attack

Agentic AI Security

AI-Powered Social Engineering

AI Red Teaming

AI Security

Anthropic Fable (Claude Fable 5)

Anthropic Mythos (Claude Mythos Preview)

API Security

Application Penetration Testing

Assumed Breach

Attack Surface

Attack Surface Management (ASM)

Botnet

Broken Access Control

Business Email Compromise (BEC)

BYOD

CIS Controls

CIS RAM

Cloud computing

Cloud Security

Cloud Security Posture Management (CSPM)

COBIT

Command and Control (C2)

Container Escape

Continuous Threat Exposure Management (CTEM)

Credential Stuffing

Cryptocurrency

Cryptojacking

Cyber Attack

Cyber Maturity Model Certification (CMMC)

Cyber Resilience

Cyber Threat Intelligence

Darknet

Data Breach

Data Loss Prevention

Data Poisoning

DDoS Attack

Declaration of Conformity

Deepfake

Detection Engineering

DMZ

Encryption

Endpoint

Endpoint Detection and Response

Ethical Hacking Tools

Exposure Management

Firewall

Firmware Security

FISMA

Gap analysis

GDPR

Hacker

HIPAA

Hypervisor (VMM)

Identification

Identity Theft

Identity Threat Detection and Response (ITDR)

Incident Response

Infrastructure-as-a-Service (IaaS)

Initial Access Brokers

Insider Threat

Internal Penetration Testing

Intrusion detection system (IDS)

Intrusion Prevention System (IPS)

ISO 27001

Keyboard logger

Lateral Movement

LLM Jailbreak

Macro virus

Malicious Apps

Malware

Managed Detection and Response (MDR)

Managed Detection and Response (MDR)

MCP Security

Memory Safety Vulnerabilities

MTTD and MTTR

Multi-Factor Authentication (MFA)

Network Detection and Response (NDR)

Network Firewall

Network Penetration Testing

Network Security

Network Security Assessment

NIS2 and DORA Compliance

NIST Cybersecurity Framework

Non-Human Identity (NHI) Security

Offensive Security

OpenAI Daybreak

Operational Technology (OT) Security

Password

Password Cracking

Patch Management

PCI DSS

Penetration Testing

Phishing

Phishing-Resistant Authentication

Platform-as-a-Service (PaaS)

Post-Quantum Cryptography (PQC)

Previous term
No previous terms!
Next term
No next terms!

Start Playing Offense to Play Better Defense

Copyright © 2026 Evolve Security. Evolve Security is trademarked in the United States.
312-957-5682
123 N. Waker Dr., Suite: 2125 Chicago, IL 60606
info@evolvesecurity.com
Connect
Contact UsRequest a demo
Services
Services OverviewAI Penetration TestingApplication Penetration TestingCloud Penetration TestingNetwork Penetration TestingEmbedded SystemsRed TeamAdvisory
Platform
Darwin Attack OverviewRisk ScoringAsset & Threat IntelligenceHuman-In-The-LoopDashboards & ReportingPlatform Integrations
Resources
BlogsEventsVideosPodcasts
Company
AboutCareersEvolve AcademyPartner Program
Privacy PolicyTerms of ServiceVulnerability Disclosure PolicyReport Issue
AICPA SOC logo with text 'SOC for Service Organizations | Service Organizations' and website aicpa.org/soc4so.