Skip to content

Turning the tables on the attackers: how to hack the hackers’ supply chains

Today, supply chains are longer, more complicated, and more global than ever. As an ever-increasing spectrum of products, tools, and systems is becoming electronically interconnected, these often non-transparent and heavily-intertwined supply chains are increasingly subjected to various kinds of cyber attacks. Stuxnet is an earlier example of initial infiltration of third-party systems (the Siemens SIMATIC WinCC and PCS 7 control systems) with the goal of physically disrupting the actual target (the Iranian nuclear facility at Natanz) controlled by those systems. Last year’s financially-motivated supply chain attack against the Kaseya software resulted in thousands of managed-service providers being infected with REvil ransomware. Existing power structures, normative frameworks, and the free flow of information come under pressure in times of crisis, such as the Corona pandemic, the war in Ukraine, or during physical blockades (e.g., Suez Canal, Port of Shanghai). Disruptive attacks against the information infrastructure of supply chains can then unfold critical effects not only for the original target and its branch but also for other interdependent sectors. In this article, I argue that this growing interdependency is no exclusive phenomenon for the targets of supply chain attacks. Instead, the increasing diversification of the cybercrime ecosystem offers multiple options for states and law enforcement agencies to disrupt its services.

Other EuRepoC Articles

  • Research and Analysis
Right Thoughts, Right Words, Right Actions?: The EU’s Application of the Cyber Diplomacy Toolbox

1 February 2024
This analysis by Imke Schmalfeldt, Annika Sachs, and Kerstin Zettl-Schabath is the first to closely examine the actual application of the Cyber Diplomacy Toolbox's measures by EU institutions and actors over the last six years. Thiis paper sheds light on the question as to how far the EU has used the CDT as a vehicle to push for a strengthened Europeanisation of cybersecurity policies.

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.