In a supply-chain attack, hackers target software vendors with the intention of infiltrating and compromising the software being distributed. This method leverages the trust users place in the vendor’s delivery mechanisms to install software that appears legitimate, but actually contains malicious elements. This allows attackers to spread malware more broadly and effectively without the immediate suspicion that might arise if they targeted end-users directly.