What accurately describes a supply chain attack?

A supply chain attack is accurately described by targeting weaknesses in third-party vendor relationships. This type of attack exploits vulnerabilities that exist not within an organization itself, but rather through external suppliers or partners that provide goods or services. Attackers aim to compromise these vendors to gain access to their clients or partners, which can lead to significant breaches of security and data integrity.

In a supply chain attack, an infiltrated vendor may unwittingly distribute compromised software or hardware to other organizations, thereby allowing the attacker to extend their reach. This method is particularly dangerous because it leverages the inherent trust placed in vendors and can bypass traditional security measures that organizations might have in place to protect their own environments.

The other options, while related to different types of cyber threats, do not specifically encapsulate what a supply chain attack is. Attacks focusing on technology vulnerabilities are more about exploiting flaws within software or systems, an attempt to disrupt internet services addresses a broader category of denial-of-service attacks that affect the availability of networks, and viruses spreading through email attachments pertain to malware distribution, which is a distinct method of compromise not tied to the supply chain context.