Latest examples of nation-state espionage, cyber-crime and disruption activity including those from Chinese IT product builders like ZTE, Lenovo, Huawei. The concerns about Huawei have become more heightened under the Trump administration in 2018 and 2019. The U.S security experts and government leaders warned that Chinese-made rail cars and 5G telecommunications products are susceptible to compromise.
Malicious actors poisoning software supply chain dynamic components especially free open source to compromise web sites using them.
ZDNet reported, that CloudCMS takedown the affected content delivery network (CDN) breached by hackers and resulting in modification of one of its Alpaca Forms scripts while allows website owners to create web forms.
In 2017, DHS ordered agencies to remove all Kaspersky Lab software branded products from U.S. systems citing the company's ties with Russian intelligence that can mandate Kaspersky pass information from U.S. systems to the Russian government.
In 2017, Dell lost control of a customer software website designed specifically to assist customers and its data when infected and its associated Internet web address after the support contractor failed to renew its authorized license. The domain was purchased by TeamInternet, a German company specialized in Uniform Resource Locator (URL) hijacking and typosquatting exploits and redirected it to a malware site.
In June 2017, suspected Russian actors deployed the PETYA ransomware to a wide range of European targets by compromising a targeted Ukranian software vendor.
In July 2017, Chinese cyber espionage operatives changed the software package of a legitimate software vendor NetSarang Computer. The change allowed to access a broad range of industries and institutions that included retail locations, financial services, transportation, telecommunication, energy, media, and academia.
In August 2017, hackers inserted a backdoor into the updates of the computer cleanup program ‘CCleanup', while it was in the software development phase.