The AP is reporting that supply chain weaknesses in the defense industrial base (DIB) were at the root of the cozybear attack in 2020. The article goes on to explain that it shouldn't come as a surprise -- it's far easier to go after 2nd and 3rd tier suppliers than to attack the government itself or prime contractors like Lockheed Martin or Boeing.

And even if most vendors in the chain are secure, a single point of vulnerability can be all that foreign government hackers need. - AP

We're watching this closely at ThreatSwitch as we continue to develop tools to help our customers collaborate internally and across the supply chain on regulatory compliance with NISPOM, NIST, and CMMC, but also on information sharing on threats and risks.