Steve's company was hit by a cyber-attack. Upon investigation, the malicious network communication was initiated from one of the components of IT monitoring software in use that has a valid digital signature of the software vendor. He confirmed that the component is exactly the same file which can be downloaded from the vendor's legitimate update server. Some of other companies which use the same software is also discovering the same symptom. Choose the most suitable description for this attack.

Vulnerability of the IT monitoring software was exploited.

Hackers intruded the network of Steve's company and disabled the IT monitoring software.

Ransomware modified the original software component.

Software supply chain attack seemed to have happened.