Supply-Chain-Attack

A supply chain attack occurs when threat actors compromise a trusted vendor, software provider, or service to gain indirect access to downstream customers. This SECMONS glossary entry explains how supply chain attacks work, common techniques, and how defenders should reduce third-party risk.

The SolarWinds supply chain compromise involved malicious code inserted into Orion software updates, impacting government and enterprise organizations. This SECMONS record provides structured analysis of the incident, its impact, and defensive lessons.