
Supply Chain Attacks: How Threats Are Now Targeting the Web of Trust

Recent attacks on big names like British Airways, the BBC, and Boots show a clear shift in how hackers operate. Instead of just locking down data with ransomware, they’re now going after the trusted partners that run day-to-day operations. When a supplier is compromised—like the software company Zellis—attackers don’t just grab data. They use that access to slip into dozens of other organizations, turning one breach into a ripple effect. The MOVEit breach, where hackers stole employee data, proves how dangerous this can be. The point isn’t stealing files for their own sake; it’s using the breach as a launchpad to infiltrate and disrupt entire networks.

This isn’t just about old-school hacking. The attacks are getting smarter, more precise, and more profitable. The cl0p group used a zero-day flaw in MOVEit, a widely used file transfer tool, to gain access. Zero-day exploits are scary because no one’s patched them yet—there’s no defense in place. What’s worse, the group didn’t just demand money. They used the stolen data to pressure companies into paying up or face public exposure. That’s a new kind of threat.

How Supply Chain Attacks Are Evolving

  • Targeting Trusted Partners: Hackers pick suppliers that are essential to operations—like Zellis or MOVEit—because they’re trusted and often have deeper access to internal systems. Compromising one provider gives attackers a backdoor into dozens of downstream clients.
  • Zero-Day Exploits Are a Key Tool: These are flaws that no one knows about or has patched. The cl0p group exploited a zero-day in MOVEit, a common tool for file transfers. Since there’s no prior defense, such flaws are especially dangerous and hard to detect.
  • A Shift from Ransomware to Pressure Tactics: Attackers aren’t just asking for money anymore. They’re using stolen data to threaten public exposure, making it harder for companies to ignore demands. This approach is more effective and shows a deeper understanding of business psychology.

The SolarWinds attack in 2020 was a wake-up call—hackers used a software update to slip into systems meant to protect security. That same kind of access is now being used by groups like cl0p. The level of planning and patience shows these aren’t just random actors. They’re thinking like state-level threat actors. That means companies can’t just defend their own systems. They must treat every vendor as a potential entry point, scan for flaws regularly, train employees, and have clear plans for what to do when a breach happens. If you’re not watching the supply chain, you’re already vulnerable.
