Which strategy involves compromising a vendor to launch an attack on their clients?

The strategy that involves compromising a vendor to launch an attack on their clients is best described as a supply chain attack. This type of attack occurs when an adversary targets a business's supply chain in order to gain access to the organization's data or systems through third-party vendors. By compromising the vendor, the attacker can exploit the established trust between the vendor and the client, allowing them to infiltrate the client's environment undetected.

Supply chain attacks can be particularly effective because they leverage the relationships and dependencies that organizations have on their suppliers, making them difficult to defend against. This method can lead to significant data breaches and other malicious activities, impacting not only the vendor but also its clients and possibly the customers of those clients.

The other strategies listed do not specifically involve the compromise of a vendor in this manner. Watering hole attacks focus on compromising a website that the targeted individuals often visit, spear phishing is a direct attack on specific individuals via deceptive emails, and physical attacks refer to assaults on physical assets or personnel rather than cyber intrusions on vendors. Thus, supply chain attacks distinctly encapsulate the concept of utilizing a vendor’s vulnerability to harm their clients.