globe icon

Resources




You have been granted access to this resource on an individual basis. Access credentials are not to be shared.



Our team of supply chain experts and researchers is dedicated to maintaining an up-to-date and valuable resource on supply chain attacks and exploits. While not exhaustive, this list offers a broad overview of the diverse attack vectors that impact the global ICT supply chain. We aim to provide insights that help you better understand the evolving landscape of cyber threats and vulnerabilities.



Please note that all information published here is derived from publicly available sources, including security research and investigative journalism. None of the content is classified or commercially sensitive; it remains entirely within the public domain.



PDFs have been captured and are periodically updated to provide a record in the event that the original source is removed.




  1. Mind the (air) gap: GoldenJackal gooses government guardrails

    Original Source: eset.com

  2. Israel’s Pager Attacks Have Changed the World

    Original Source: nytimes.com

  3. Hundreds of PC models vulnerable to boot-level attacks after vendors copypaste “secret” keys

    Original Source: cybernews.com

  4. Phoenix UEFI vulnerability impacts hundreds of Intel PC models

    Original Source: bleepingcomputer.com

  5. The risks associated with Industrial IoT (Internet of Things)

    Original Source: archonsecure.com

  6. Ecuadorian TV presenter wounded by bomb disguised as USB stick

    Original Source: theguardian.com

  7. QCT Servers Affected by ‘Pantsdown’ BMC Vulnerability

    Original Source: securityweek.com

  8. Takeover risk to hundreds of IoT devices

    Original Source: portswigger.net

  9. Toyota production to resume after supply chain attack

    Original Source: computerweekly.com

    745 KB
  10. Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

    Original Source: cisa.gov

  11. Supply chain attacks are on the rise

    Original Source: cpomagazine.com

  12. Jumping the air gap: 15 years of nation-state effort

    Original Source: eset.com

    2.2 MB
  13. Supply chain attacks are the hacker’s new favorite weapon. And the threat is getting bigger.

    Original Source: zdnet.com

  14. Decade-long vulnerability in multiple routers could allow network compromise

    Original Source: medium.com/tenable-techblog

  15. Realtek flaw exposes dozens of brands to supply chain attacks

    Original Source: zdnet.com

  16. Ransomware attacks on shipping, logistics organizations rising as coronavirus vaccine supply chain targeted

    Original Source: portswigger.net

  17. The Long Hack: How China Exploited a U.S. Tech Supplier

    Original Source: bloomberg.com

  18. BBC NEWS Eric Schmidt: Huawei has engaged in unacceptable practices

    Original Source: bbc.com

  19. MITRE ATT&CK: Supply chain compromise

    Original Source: infosecinstitute.com

  20. The White House Decree: Executive Order on Securing the Information and Communications Technology and Services Supply Chain

    Original Source: federalregister.gov

    242 KB
  21. Every Part of the Supply Chain Can Be Attacked

    Original Source: nytimes.com

  22. Everybody Does It: The Messy Truth About Infiltrating Computer Supply Chains

    Original Source: theintercept.com

  23. Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs, FCC 19-121

    Original Source: csrc.nist.gov

    1.5 MB
  24. The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies

    Original Source: bloomberg.com

  25. On DoD warning about Lenovo

    Original Source: executivegov.com

  26. Researchers crack open unusually advanced malware that hid for 5 years

    Original Source: arstechnica.com

  27. Hackers Remotely Kill a Jeep on the Highway—With Me in It

    Original Source: wired.com

  28. Building reliable SMM backdoor for UEFI based platforms

    Original Source: blog.cr4.sh

  29. How “omnipotent” hackers tied to NSA hid for 14 years—and were found at last

    Original Source: arstechnica.com

  30. A undetectable Hardware Trojan is reality

    Original Source: securityaffairs.co

  31. Spy agencies ban on Lenovo PCs due to backdoor vulnerabilities

    Original Source: securityaffairs.co

  32. Rakshasa: The hardware backdoor that China could embed in every computer

    Original Source: extremetech.com

  33. Intellipedia - Air Gapped Network Threats

    Original Source: theintercept.com

    950 KB
  34. NSA/CSS target exploitation (TAREX) classification guide

    Original Source: theintercept.com

    950 KB
  35. Senate Armed Services Committee Hearing on Counterfeit Electronic Parts in the DOD Supply Chain

    Original Source: tmcnet.com

  36. Can DARPA Fix the Cybersecurity ‘Problem From Hell?’

    Original Source: wired.com

  37. Stealthy Techniques Can Crack Some of SIGINT’S Hardest Targets

    Original Source: theintercept.com

    1.2 MB
  38. Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation

    Original Source: theintercept.com

    913 KB
  39. Hardware Trojan: Threats and Emerging Solutions

    Original Source: swarup.ece.ufl.edu

    1.2 MB
  40. National Intelligence Estimate: The Global Cyber Threat to the US Information Infrastructure

    Original Source: theintercept.com

    283 KB
  41. U.S. Military Secrets for Sale at Afghan Bazaar

    Original Source: latimes.com

    72 KB
  42. Mission Impossible at the Sumitomo Bank

    Original Source: theregister.com

    78 KB
  43. NSA’s SENTRY EAGLE program

    Original Source: theintercept.com

    1.3 MB