Apple's top security employee told Congress on Monday that it has not found anything to suggest that its systems were compromised through a sophisticated breach of its supply chain.

Our Breakdown

  • Hardware modification is a possibility in the growing list of supply chains attacks directed at businesses and government agencies. (Though in this case it doesn’t seem like it’s the case) If the hardware is modified, you can’t trust anything the system itself tells you, so host-based tools may not be able to detect such incidents.
  • In such cases, network monitoring still works and isn’t impacted by such techniques so it is still possible to detect such breaches.
  • This specific case, if there are known indicators of compromise, those can be put into DNS servers or firewalls to detect and block such attacks.
  • Even without direct intelligence, statistical monitoring of network activity and machine learning to detect suspect infrastructure can identify otherwise unknown attackers using such attacks.

Interesting in learning more about ThreatSTOP? Check us out at