A lot of libraries are maintained by a single person.
Are those the ones typically involved in supply chain attacks?
There are no perfect solutions; but, let's be reasonable.