Software supply chain threats represent a particularly nefarious issue for defenders, as it involves the compromise of a trusted third party through which the threat actor then subsequently compromises additional victims. To complicate things even more, the subsequent victims of these supply chain attacks are often unaware that they have been attacked in the first place due to the trusted nature of the relationship between the 3rd party victim and the supplier.

Accordingly, this brief will discuss CrowdStrike’s most current understanding of recent supply chain threats, including Log4j as a use case. This brief will cover the threat actors that perpetrate these attacks, their associated infrastructure and capabilities, and what organizations should be considering in order to combat these advanced threats.