10 software supply chain attacks you can learn from



Supply chain attacks are surging — and no one is immune. That has CISOs and boards worried. Learn from these notable 2022 software supply chain attacks. 

Since the devastating compromise of the SolarWinds Orion platform in 2020, malicious actors have steadily stepped up their software supply chain attacks. One 2022 survey found that supply chain attacks are affecting 62% of organizations.

And many organizations say they are not prepared to deal with the challenges of protecting their software supply chain. A recent survey of 1,000 CIOs found that 82% of organizations are vulnerable to software supply chain attacks. 

The State of Software Supply Chain Security 2022-23 explores top trends, best practices and more. One thing is clear: Supply chain attacks are surging — and no one is immune. That has made them the center of conversations about cyber risk and cybersecurity with CISOs and boards. 

Here are 10 software supply chain attacks from 2022 that your team can learn from.

npm

A typosquatting campaign aimed at npm, the popular JavaScript package manager used by some 11 million developers worldwide, was discovered in July by researchers at ReversingLabs. The campaign, known as IconBurst, used dozens of malicious npm modules containing obfuscated JavaScript code to compromise hundreds of downstream desktop apps and websites, ReversingLabs’ Karlo Zanki wrote in his threat research blog post.

“Upon closer inspection, we discovered evidence of a coordinated supply chain attack, with a large number of npm packages containing jQuery scripts designed to steal form data from deployed applications that include them.”
Karlo Zanki

Zanki explained that the threat actor gave the malicious modules names similar to those of high-traffic modules, or names containing common misspellings of them, hoping that careless developers would pull in the doctored versions of modules such as umbrellajs and the packages produced by Iconic.io. Since the users of the software, rather than the developers, were the ultimate target of the scheme, the attack is similar to the infamous SolarWinds compromise, he added.

Comparitech estimates that 35,754 customers were affected by the attack.
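The IconBurst lookalike-name trick can be caught before a dependency is ever installed. The following is an added example (not code from the article or from ReversingLabs) that compares the names in a package.json dependencies section against a trusted allowlist and flags near-misses by edit distance; the allowlist and the sample dependencies are constructed for the demonstration.

```javascript
// Added example: flag dependency names that are near-misses of trusted packages.
// KNOWN_PACKAGES and SAMPLE_DEPENDENCIES are constructed for this demo.
const KNOWN_PACKAGES = ["umbrellajs", "ionicons", "jquery", "lodash", "react"];

// Levenshtein edit distance between two strings (dynamic programming table).
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// Strip a scope prefix ("@scope/name") and separators so that "umbrella-js",
// "umbrella_js" and "Umbrella.js" all compare as "umbrellajs".
function normalize(name) {
  return name.toLowerCase().replace(/^@[^\/]+\//, "").replace(/[-_.]/g, "");
}

// Returns one { dependency, lookalikeOf, distance } record for every dependency
// that is not an exact trusted name but sits within maxDistance edits of one.
function findLookalikes(dependencies, known = KNOWN_PACKAGES, maxDistance = 2) {
  const trusted = new Set(known);
  const findings = [];
  for (const dep of Object.keys(dependencies)) {
    if (trusted.has(dep)) continue; // exact trusted name, nothing to report
    const norm = normalize(dep);
    for (const k of known) {
      const distance = editDistance(norm, normalize(k));
      if (distance <= maxDistance) {
        findings.push({ dependency: dep, lookalikeOf: k, distance });
        break; // report the first close match only
      }
    }
  }
  return findings;
}

// Constructed package.json "dependencies" section: one legitimate name and
// two typosquat-style lookalikes (a dropped letter and a transposition).
const SAMPLE_DEPENDENCIES = { "umbrellajs": "^3.0.0", "umbrelajs": "1.0.0", "jqeury": "0.0.1" };

for (const f of findLookalikes(SAMPLE_DEPENDENCIES)) {
  console.log(`suspicious: ${f.dependency} looks like ${f.lookalikeOf} (distance ${f.distance})`);
}
```

In practice the allowlist would be generated from a lockfile review or a private registry, and a hit should block the install pending manual review rather than just log.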

Python Package Index (PyPI)

The…

Source…