Over the past few weeks, we have witnessed several supply chain attacks specifically against package ecosystems. Here is a list of the ones that made the headlines recently:
Nx (npm)
An attacker exploited a vulnerable CI workflow (the vulnerable workflow had been introduced by AI) to insert malicious code into the Nx build.
This attack leveraged advanced techniques observed for the first time:
- detection of a CI vulnerability and exploitation of it within a short time
- an AI-based payload (the payload looks for AI CLI tools such as Gemini, Q and Claude, and leverages them to do its work).
Qix compromised packages (npm)
A well-known JavaScript developer (qix) was targeted via an MFA-reset phishing email. The compromise resulted in the attacker publishing malicious versions of packages that are normally downloaded 2 billion times a week.
The malicious packages inserted crypto-stealing code into web applications.
Shai-Hulud (npm)
This was the first successful self-propagating npm supply chain attack, and it had:
- a built-in secrets scanner (TruffleHog) to steal secrets from the local machine
- a propagation mechanism to other npm packages if an npm token was found
- a propagation mechanism to CI (GitHub Workflows) to steal secrets from there
As a result of this attack, it is believed that even OpenAI's Codex was compromised, alongside almost 500 other npm packages.
GhostAction (PyPI)
The FastUUID developer account was compromised.
The attacker could have published malicious versions of the package, but chose not to, and instead only published a malicious GitHub Workflow that exfiltrated secrets.
The attacker eventually did the same to many other repos, leading to over 300 affected users and over 3k leaked secrets.
All of these attacks happened within days or weeks of each other.
What we can notice across these attacks:
- Initial access: attackers employed different initial access vectors, such as vulnerable CI/CD pipelines, phishing/targeting of upstream developers, reuse of credentials from a previous attack (compromised credentials), and worm-like propagation.
- Payloads: attackers employed different payloads, such as crypto theft, secrets/token theft, malware insertion, and publishing of source code (from private code bases).
We have been tracking malicious supply chain activity for several years now, and we know the following is now true:
- Attacker sophistication is increasing
- Blast radius is getting larger
The cat is out of the bag. Attackers now have new knowledge, and they are putting it to use quickly. The attack sophistication is increasing almost daily.
Furthermore, we are only seeing the attacks that get caught. There will be others that slip through the cracks for longer.
Good news:
- As an industry, we are able to find these flaws faster than before: many companies, including boostsecurity.io, are applying advanced analysis techniques to detect malware, and there is machinery to check every new code update. However, this is a cat-and-mouse game; it is possible to craft payloads that are harder to detect.
- Native packaging tools/ecosystems are improving their out-of-the-box security features. For example, pnpm recently added the ability to set a minimumReleaseAge (which delays installation of newly released dependencies).
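To make the minimumReleaseAge idea concrete, here is an added example (not boostsecurity.io's code and not pnpm's implementation) that applies the same policy in plain Node.js: given the `time` map from an npm registry packument, it resolves the newest version that has already been public for at least a given number of minutes, and lists the versions the policy would block. The packument is constructed sample data, the package name is hypothetical, and the evaluation time is fixed so the result is reproducible.

```javascript
// Added example: a minimal "minimum release age" resolver, mirroring the
// policy behind pnpm's minimumReleaseAge setting (not pnpm's own code).
// It only needs the `time` map of an npm packument, which records when each
// version was published. A freshly published (possibly hijacked) release is
// skipped until it has been public long enough for the ecosystem to react.

// Constructed sample registry metadata for a hypothetical package.
const SAMPLE_PACKUMENT = {
  name: "example-lib",
  "dist-tags": { latest: "4.0.0" },
  time: {
    created: "2024-01-01T00:00:00.000Z",
    modified: "2025-09-08T13:05:00.000Z",
    "3.9.0": "2025-06-10T09:00:00.000Z",
    "3.9.1": "2025-08-20T15:30:00.000Z",
    "4.0.0": "2025-09-08T13:05:00.000Z", // hypothetical just-published release
  },
};

const MINUTE_MS = 60 * 1000;

// Extract (version, publishedAt) pairs, ignoring the non-version keys
// `created` and `modified` that the registry also stores in `time`.
function publishedVersions(packument) {
  return Object.entries(packument.time)
    .filter(([key]) => key !== "created" && key !== "modified")
    .map(([version, iso]) => ({ version, publishedAt: new Date(iso) }));
}

// Numeric major.minor.patch comparison; prerelease tags are out of scope here.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const x = pa[i] ?? 0;
    const y = pb[i] ?? 0;
    if (x !== y) return x - y;
  }
  return 0;
}

// Newest version that is at least `minAgeMinutes` old as of `now`,
// or null if every published version is too new to install.
function resolveWithMinimumAge(packument, minAgeMinutes, now = new Date()) {
  const cutoff = now.getTime() - minAgeMinutes * MINUTE_MS;
  const eligible = publishedVersions(packument)
    .filter(({ publishedAt }) => publishedAt.getTime() <= cutoff)
    .sort((a, b) => compareVersions(b.version, a.version));
  return eligible.length > 0 ? eligible[0].version : null;
}

// Defender-side audit: which versions would the policy currently hold back?
function blockedVersions(packument, minAgeMinutes, now = new Date()) {
  const cutoff = now.getTime() - minAgeMinutes * MINUTE_MS;
  return publishedVersions(packument)
    .filter(({ publishedAt }) => publishedAt.getTime() > cutoff)
    .map(({ version }) => version);
}

// Demo: evaluated two hours after the hypothetical 4.0.0 release, with a
// one-day (1440 minute) minimum age. 4.0.0 is held back, 3.9.1 is chosen.
const NOW = new Date("2025-09-08T15:05:00.000Z");
console.log(resolveWithMinimumAge(SAMPLE_PACKUMENT, 1440, NOW)); // 3.9.1
console.log(blockedVersions(SAMPLE_PACKUMENT, 1440, NOW)); // [ '4.0.0' ]
```

The same age check can be run over an existing lockfile to flag dependencies that were pinned within minutes of their publication, which is a useful first step in an incident playbook when a maintainer compromise is announced.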
Bad news:
- These attacks are still very easy to perform. There will be many more of them in the coming months. Prepare your playbooks.
- There are plenty more ecosystems to cover, and attackers will find their paths into them. npm was mostly in the news, but we also know of AI models, IDE extensions, browser extensions, Homebrew packages, container images, GitHub Actions, and much, much more…
What boostsecurity is doing about this:
- We have been researching supply chain attacks of this nature for many years now, and have published attack trees, open source tools (poutine, a CI/CD security scanner, and Living-off-the-pipeline), and an intentionally vulnerable GitHub org, among many others. We have helped companies such as Google, Amazon, NVIDIA, Red Hat, HashiCorp, and many more fix supply chain vulnerabilities.
- Our commercial product helps customers prevent such incidents from affecting them, or detect and respond to an incident after the fact if it is already too late.
- We will soon be releasing more open source tools to help protect developers against supply chain attacks of this nature…
Contact us directly if you would like to know how boostsecurity.io can protect your entire software factory, including against attacks such as these latest supply chain ones…