Compromise Software Supply Chain
A software supply chain compromise occurs when attackers infiltrate the development, distribution, or update mechanisms of legitimate software to inject malicious code or backdoors into trusted applications before they reach end users. Operating within the "Gain Access" phase of the attack lifecycle, this sub-technique of Supply Chain Compromise enables adversaries to bypass traditional security controls by exploiting the implicit trust organizations place in software from verified vendors. Attackers typically target development environments, code repositories, build systems, or update servers to insert their malicious code, which is then unknowingly distributed through legitimate channels. When targeted organizations install or update the compromised software, they inadvertently deploy the embedded malware throughout their environment, granting attackers privileged access to systems without triggering security alerts. The sophistication of this approach makes detection particularly challenging, as the malicious code bears the digital signatures and authenticity markers of the legitimate vendor, effectively camouflaging the compromise under a layer of perceived legitimacy.
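The passage's central point is that a valid vendor signature is not sufficient once the vendor's build or update pipeline is compromised, so a defender needs a check that is independent of the vendor's signing key. The following Python, added here as an example and not part of the original text, shows one such check: an update artifact is accepted only if the vendor signature is valid *and* its SHA-256 matches a hash the organisation pinned when the release was vetted, optionally cross-checked against an independent rebuild from source. The manifest, artifact bytes and the `vendor_signature_ok` flag are constructed assumptions; the signature check itself is assumed to be done elsewhere.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed sample: the bytes of a vetted release and the pinned manifest an
# organisation keeps outside the vendor's distribution channel. The hash is
# computed here so the sample stays consistent; in practice it is recorded at
# vetting time and stored under the organisation's own control.
GOOD_BUILD: bytes = b"legit-app-v1.2.3-binary-contents"
PINNED: Dict[str, str] = {"app-v1.2.3.bin": hashlib.sha256(GOOD_BUILD).hexdigest()}


@dataclass
class Verdict:
    status: str   # "accept", "reject", "hold" or "alert"
    detail: str


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def assess_update(name: str, data: bytes, vendor_signature_ok: bool,
                  rebuilt_from_source: Optional[bytes] = None) -> Verdict:
    """Decide whether an update artifact may be deployed.

    vendor_signature_ok is the result of the vendor's code-signing check
    (hypothetical, assumed to run elsewhere). A valid signature is necessary
    but not sufficient: a compromised build system signs the backdoored
    build with the same key, so the hash pin is the independent control.
    """
    if not vendor_signature_ok:
        return Verdict("reject", "vendor signature invalid or missing")
    digest = sha256_hex(data)
    expected = PINNED.get(name)
    if expected is None:
        # Unknown release: neither trusted nor proven bad; vet before rollout.
        return Verdict("hold", "artifact not in pinned manifest; vet before deployment")
    if digest != expected:
        # Correctly signed yet different from the vetted build. This is the
        # case the signature check alone would have let through.
        return Verdict("alert", f"signed artifact {digest[:12]} differs from pinned {expected[:12]}")
    if rebuilt_from_source is not None and sha256_hex(rebuilt_from_source) != digest:
        # Pin matches but an independent rebuild does not reproduce the
        # vendor's binary: the pinned build itself deserves scrutiny.
        return Verdict("alert", "independent rebuild does not reproduce vendor artifact")
    return Verdict("accept", "signature valid, hash pinned, build reproducible")
```

The "alert" status is the signal worth routing to incident response: it fires on exactly the artifact a signature-only check would have deployed.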