Not only since Russia went to war again and the BSI warned against the use of Kaspersky's AV products, many companies are concerned about security risks emanating from purchased products or services. The prominent incidents at Solarwinds have already put the topic of "supply chain attacks" on the agenda in many organisations. But what constitutes supply chain attacks, what concrete examples have there been in the past and how should one deal with them? The lecture describes numerous attacks via supply chains from the past and shows the special features as well as the different variants of such attacks. It also presents various protective measures as well as their limitations with regard to supply chain attacks and recommends strategies for protection.