{"id":39591,"date":"2021-02-16T14:52:23","date_gmt":"2021-02-16T14:52:23","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32024\/Obvious-Supply-Chain-Attack-Hits-Dozens-Of-Companies.html"},"modified":"2021-02-16T14:52:23","modified_gmt":"2021-02-16T14:52:23","slug":"obvious-supply-chain-attack-hits-dozens-of-companies","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/obvious-supply-chain-attack-hits-dozens-of-companies\/","title":{"rendered":"Obvious Supply Chain Attack Hits Dozens Of Companies"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/02\/software-code-800x534.jpg\" alt=\"New type of supply-chain attack hit Apple, Microsoft and 33 other companies\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<p>Last week, a researcher demonstrated a new supply-chain attack that executed counterfeit code on networks belonging to some of the biggest companies on the planet, Apple, Microsoft, and Tesla included. 
Now, fellow researchers are peppering the Internet with copycat packages, with more than 150 of them detected so far.<\/p>\n<p>The technique was <a href=\"https:\/\/medium.com\/@alex.birsan\/dependency-confusion-4a5d60fec610\">unveiled last Tuesday<\/a> by security researcher Alex Birsan. His so-called dependency confusion or namespace confusion attack starts by placing malicious code in an official public repository such as NPM, PyPI, or RubyGems. By giving the submissions the same package name as dependencies used by companies such as Apple, Microsoft, Tesla, and 33 other companies, Birsan was able to get these companies to automatically download and install the counterfeit code.<\/p>\n<h2>Automatic pwnage<\/h2>\n<p>Dependencies are public code libraries or packages that developers use to add common types of functionality to the software they write. By leveraging the work of thousands of their open source peers, developers are spared the hassle and expense of creating the code themselves. The developer\u2019s code automatically downloads and incorporates the dependency, or any update to it, either from the developer\u2019s local computer or from a public repository.<\/p>\n<p>Birsan scoured Internet forums, JavaScript code, accidentally published internal packages, and other sources to find the names of code dependencies used in software from 35 companies. He then uploaded his own code to NPM, PyPI, or Ruby Gems using the same dependency names. In other words, the researcher was squatting on the authentic package name belonging to the companies. 
The researcher ended up receiving $130,000 in bug bounties.<\/p>\n<p>Because Birsan gave the packages version numbers that were higher than the authentic ones, the targeted companies automatically downloaded and executed his counterfeit packages.<\/p>\n<p>\u201cThe success rate was simply astonishing,\u201d Birsan wrote. He added:<\/p>\n<blockquote>\n<p>From one-off mistakes made by developers on their own machines, to misconfigured internal or cloud-based build servers, to systemically vulnerable development pipelines, one thing was clear: squatting valid internal package names was a nearly sure-fire method to get into the networks of some of the biggest tech companies out there, gaining remote code execution, and possibly allowing attackers to add backdoors during builds.<\/p>\n<\/blockquote>\n<p>Within two days of Birsan publishing his results, security company Sonatype said last Friday, other developers or researchers had <a href=\"https:\/\/blog.sonatype.com\/sonatype-spots-150-malicious-npm-packages-copying-recent-software-supply-chain-attacks\">carried out copycat attacks<\/a> and put 150 similarly name-squatted packages in NPM.<\/p>\n<h2>How it works<\/h2>\n<p>Package managers typically accept dependencies listed as names and attempt to parse developers\u2019 intentions. The managers look for dependencies both on the local computer where the project is stored and the Internet-accessible directory belonging to the package manager.<\/p>\n<p>\u201cThe dependency confusion problem is an inherent design flaw in the native installation tools and DevOps workflows that pull dependencies into your software supply chain,\u201d Sonatype researchers wrote in an <a href=\"https:\/\/blog.sonatype.com\/dependency-hijacking-software-supply-chain-attack-hits-more-than-35-organizations\">earlier writeup<\/a> on Birsan\u2019s attack. 
\u201cIn this context, dependency confusion refers to the inability of your development environment to distinguish between a private, internally-created present package in your software build, and a package by the same name available in a public software repository.\u201d<\/p>\n<p>Sonatype researchers went on to explain the technique this way:<\/p>\n<blockquote>\n<p>For example, let\u2019s assume your application uses an internal, privately-created PyPI component called foobar (version 1) as a dependency. Later, should an unrelated component by the same name but higher version number foobar (version 9999) be published to the PyPI downloads public repository, the default configuration of PyPI development environments dictates that the foobar with the higher version be downloaded as a dependency.<\/p>\n<p>In this case, that would mean, the attacker\u2019s counterfeit foobar package with a higher version number would silently and automatically make its way into your software build.<\/p>\n<\/blockquote>\n<p>So-called <a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/09\/devs-unknowingly-use-malicious-modules-put-into-official-python-repository\/?\">typo-squatting<\/a> attacks have <a href=\"https:\/\/arstechnica.com\/information-technology\/2018\/06\/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub\/\">existed for years<\/a>. In them, attackers upload code into public repositories and use names that are similar to the names of legitimate packages in the hopes a developer will make a typo or click on a malicious link that causes the fake code to be downloaded. The advantage of Birsan\u2019s dependency confusion technique is that it doesn\u2019t rely on human error to work.<\/p>\n<p>While the affected companies didn\u2019t spot the counterfeit, Sonatype did. 
After checking with Birsan, the company learned that the bogus dependencies were part of a benign experiment.<\/p>\n<h2>Proof of concept<\/h2>\n<p>Birsan found that the 35 affected companies used locally stored dependencies that weren\u2019t available in the public directory. When he uploaded his own proof-of-concept malicious code to a public repository using the same name as the legitimate dependency and a higher version number, the companies\u2019 software automatically installed and ran it.<\/p>\n<p>To keep from running afoul of companies\u2019 vulnerability-reporting policies, Birsan\u2019s code limited its activities to sending the username, hostname, and current path of each unique installation to the researcher. He also had permission to test the security of all 35 companies, either through public bug bounty programs or private agreements.<\/p>\n<p>To ensure security defenses didn\u2019t block the information from leaving the target company\u2019s network, Birsan\u2019s PoC code hex-encoded the data and sent it in a DNS query. The companies\u2019 failure to block the traffic comes at least four years after the use of DNS exfiltration by malware came to the <a href=\"https:\/\/arstechnica.com\/information-technology\/2017\/03\/researchers-uncover-powershell-trojan-that-uses-dns-queries-to-get-its-orders\/\">attention of researchers<\/a>.<\/p>\n<p>Canadian ecommerce company Shopify automatically installed a Ruby Gem named shopify-cloud within a few hours of Birsan making it available in the Ruby Gems repository. Meanwhile, multiple machines inside Apple\u2019s network executed code Birsan uploaded to NPM. Birsan said the affected Apple projects appeared to be related to Apple ID, the company\u2019s authentication system. 
Both Shopify and Apple awarded Birsan $30,000 bounties each.<\/p>\n<p>Sonatype has a list of steps <a href=\"https:\/\/blog.sonatype.com\/sonatype-spots-150-malicious-npm-packages-copying-recent-software-supply-chain-attacks\">here<\/a> that developers can take to prevent dependency confusion attacks. Chief among the defenses is for repositories to enforce mandatory namespace and scope verification. One verification technique is the reverse use of the fully qualified domain name, which allows rightful owners of a brand or namespace to publish components in that namespace while keeping adversaries out.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32024\/Obvious-Supply-Chain-Attack-Hits-Dozens-Of-Companies.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":39592,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9208],"class_list":["post-39591","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermicrosoftflawapplebackdoor"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39591"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39591\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/39592"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}