Russian hack of US agencies exposed supply chain weaknesses

By ERIC TUCKER Associated Press

WASHINGTON (AP) — The elite Russian hackers who gained access to computer systems of federal agencies last year didn't bother trying to break one-by-one into the networks of each department.

Instead, they got inside by sneaking malicious code into a software update pushed out to thousands of government agencies and private companies.

That the hackers were able to exploit vulnerabilities in the supply chain to launch a massive intelligence gathering operation was not surprising. U.S. officials and cybersecurity experts have sounded the alarm for years about a problem that has caused havoc but has defied easy solutions from the government and private sector.