T1195.001 Compromise Software Dependencies and Development Tools
99%
“…s (e.g., Shai-Hulud 2.0, axios, chalk/debug) - Cross-campaign correlation: identifying common infrastructure or code snippets that link disparate attacks to the same threat actors - Remediation playbooks: actionable guidance for rotating credentials and purging mali…”
T1195.001 Compromise Software Dependencies and Development Tools
99%
“force multiplier for malware distribution. In the months following, we have observed three core shifts in adversary TTPs: - Wormable propagation: malicious payloads now prioritize the theft of npm tokens and GitHub personal access tokens (PATs) to automatically infect and rep…”
T1195.001 Compromise Software Dependencies and Development Tools
99%
“messages as a token dead-drop to recover stolen GitHub tokens - using them to spread. Once a usable token is obtained, the payload: - copies itself into execution[.]js - writes setup.mjs - sets "preinstall": "node setup.mjs" in package.json - increments the patch ver…”
T1027 Obfuscated Files or Information
98%
“e.g., AWS SDK, Google Cloud client libraries, Azure Identity, Octokit, jsonwebtoken, tar) alongside the malicious orchestration code. Obfuscation techniques: the code employs multiple layers of obfuscation: - String table rotation: a function _0x214e resolves hex indices to s…”
T1195.001 Compromise Software Dependencies and Development Tools
98%
“…lud: The Third Coming.” Attackers deployed the same payload across multiple Checkmarx distribution channels, indicating a coordinated campaign to weaponize compromised developer tooling credentials to maximize the area of impact: - Docker Hub images - GitHub Actions - VS Cod…”
T1195.001 Compromise Software Dependencies and Development Tools
98%
“.48 combined, these packages carry approximately 570,000 weekly downloads, with @cap-js/sqlite and @cap-js/db-service each pulling around 250,000 and 260,000 downloads, respectively. All four packages are part of SAP's Cloud Application Programming (CAP) model…”
T1195.001 Compromise Software Dependencies and Development Tools
98%
“falls back to /-/v1/search?text=maintainer:<user> for public packages. Tarball download and backdooring: for each target package: - downloads the latest tarball from the npm registry - extracts it to a temporary directory - copies the Bun binary into the package - rewr…”
T1195.001 Compromise Software Dependencies and Development Tools
T1195.001 Compromise Software Dependencies and Development Tools
98%
“related to npm packages, we encourage you to move beyond static defenses and embrace a culture of continuous verification. The supply chain may be the new primary target, but with collective intelligence and relentless visibility, it doesn’t have to be the primary vulnerability…”
T1195.001 Compromise Software Dependencies and Development Tools
97%
“The npm Threat Landscape: Attack Surface and Mitigations (updated May 1). Executive summary: the security of the npm ecosystem reached a critical inflection point in September 2025. The Shai-Hulud worm, a self-replicating malware that automated the compromise and redistribut…”
T1195.001 Compromise Software Dependencies and Development Tools
97%
“may have been exposed: npm tokens, GitHub PATs, AWS/Azure/Google Cloud keys, SSH keys and CI/CD secrets. - Audit npm packages you maintain for unauthorized version bumps or new preinstall hooks. - Review GitHub for unauthorized repository creation, unexpected workflow file…”
T1195.001 Compromise Software Dependencies and Development Tools
97%
“…sgoingonwithgithub (dead drop). Indicators from April 22, 2026 activity. Network indicators: Table 3 lists the network indicators from this activity. Table 3. Network indicators. GitHub indicators: Table 4 lists the GitHub indicators from this activity. Table 4. GitHub indicators…”
T1195.001 Compromise Software Dependencies and Development Tools
95%
“the self-replication artifact the worm (bw1.js) injected into every npm package the victim could publish. The SAP packages use that same filename as their bootstrapper, and the two share clear common lineage: same Bun version (1.3.13), same Alpine/musl detection logic…”
T1587 Develop Capabilities
95%
“The npm Threat Landscape: Attack Surface and Mitigations (updated May 1). Executive summary: the security of the npm ecosystem reached a critical inflection point in September 2025. The Shai-Hulud worm, a self-replicating malware that automated the compromise and redistribut…”
T1195.001 Compromise Software Dependencies and Development Tools
89%
“targeted Checkmarx infrastructure in March 2026, along with Trivy and LiteLLM, suggesting an ongoing campaign against security tooling vendors. Attack overview: Table 1 shows the attributes of the attack. Table 1. Attributes of the attack. The Bitwarden security team provided the …”
T1587 Develop Capabilities
88%
“falls back to /-/v1/search?text=maintainer:<user> for public packages. Tarball download and backdooring: for each target package: - downloads the latest tarball from the npm registry - extracts it to a temporary directory - copies the Bun binary into the package - rewr…”
T1195.001 Compromise Software Dependencies and Development Tools
87%
“…itizing recently active ones - checks whether each repo has configured GitHub Actions secrets (skips repos without them) - creates a new branch, commits .github/workflows/format-check.yml — a malicious workflow that dumps all secrets, as shown below in Figure 4 - downl…”
T1587 Develop Capabilities
83%
“force multiplier for malware distribution. In the months following, we have observed three core shifts in adversary TTPs: - Wormable propagation: malicious payloads now prioritize the theft of npm tokens and GitHub personal access tokens (PATs) to automatically infect and rep…”
T1195.001 Compromise Software Dependencies and Development Tools
82%
“…ware used GitHub's public commit search API as a covert C2 channel. It embedded stolen tokens in commit messages matching longlivetheresistanceagainstmachines:<base64> and used them to bootstrap new exfiltration channels without attacker-controlled infrastructure. This …”
T1195.002 Compromise Software Supply Chain
81%
“targeted Checkmarx infrastructure in March 2026, along with Trivy and LiteLLM, suggesting an ongoing campaign against security tooling vendors. Attack overview: Table 1 shows the attributes of the attack. Table 1. Attributes of the attack. The Bitwarden security team provided the …”
T1567.001 Exfiltration to Code Repository
79%
“…ware used GitHub's public commit search API as a covert C2 channel. It embedded stolen tokens in commit messages matching longlivetheresistanceagainstmachines:<base64> and used them to bootstrap new exfiltration channels without attacker-controlled infrastructure. This …”
T1195.001 Compromise Software Dependencies and Development Tools
78%
“…ersonation attack steals cloud credentials and spreads across npm supply chains – Cortex Cloud, Palo Alto Networks. Updated April 27, 2026 at 2:15 p.m. PT to add information about Bitwarden and link to the Cortex Cloud article in the Additional References section. Updated May…”
T1567.001 Exfiltration to Code Repository
77%
“is sent via POST hxxps[:]//audit.checkmarx[.]cx:443/v1/telemetry. Secondary: GitHub public repositories (ky class). Using stolen GitHub tokens, the malware: - creates a new public repository under the victim's account with the description "checkmarx configur…”
T1195.001 Compromise Software Dependencies and Development Tools
77%
“…e, 0x36, 0x4b, 0x2b, 0x5c, 0xd, 0x57, 0x0, 0xd, 0x7, 0x26, 0x42, 0x3, 0x2a, 0x5c, 0xd, 0x2a], which decodes to an ASCII string for the domain audit.checkmarx[.]cx. - Gzip and base64 embedded payloads: several blobs are stored as gzip-compressed base64 strings, including…”
T1059.007 JavaScript
75%
“setup.js ensures it runs as a Node.js script when called directly. The bootstrap script performs three actions: - Platform detection: identifies the OS and architecture (Linux, macOS, Windows; x64 or arm64), including musl versus glibc detection on Linux. - Bun runtime dow…”
T1587 Develop Capabilities
73%
“…s (e.g., Shai-Hulud 2.0, axios, chalk/debug) - Cross-campaign correlation: identifying common infrastructure or code snippets that link disparate attacks to the same threat actors - Remediation playbooks: actionable guidance for rotating credentials and purging mali…”
T1102.003 One-Way Communication
62%
“installs it, creating an exponential propagation vector. C2 resilience: the GitHub dead drop. The malware implements a fall back mechanism for C2 resilience using GitHub's public search API as a covert command channel. If the primary C2 server (audit.checkmarx[.]cx) is un…”
T1587 Develop Capabilities
61%
“related to npm packages, we encourage you to move beyond static defenses and embrace a culture of continuous verification. The supply chain may be the new primary target, but with collective intelligence and relentless visibility, it doesn’t have to be the primary vulnerability…”
T1195.001 Compromise Software Dependencies and Development Tools
58%
“an SBOM for every production release. This allows your security team to perform instant impact analysis when a new zero-day is announced. Palo Alto Networks product protections related to compromised npm packages: Palo Alto Networks customers can leverage a variety of product pr…”
T1555.006 Cloud Secrets Management Stores
57%
“context. AWS SSM provider (ku) uses the bundled AWS SDK (SSMClient, DescribeParameters, GetParameter) to enumerate and read parameters from AWS Systems Manager Parameter Store. Azure Key Vault provider (rn) uses Azure Identity and Key Vault SDK to call getsecretsfromvault, …”
T1567.001 Exfiltration to Code Repository
53%
“- full environment variable blocks - GitHub Actions secrets - AWS STS identity - Secrets Manager and SSM parameters - Azure Key Vault secrets - GCP Secret Manager values - Kubernetes service account tokens - Claude and MCP configuration files - Electrum wallets - VPN configs. A pa…”
T1204.005 Malicious Library
51%
“The npm Threat Landscape: Attack Surface and Mitigations (updated May 1). Executive summary: the security of the npm ecosystem reached a critical inflection point in September 2025. The Shai-Hulud worm, a self-replicating malware that automated the compromise and redistribut…”
T1195.001 Compromise Software Dependencies and Development Tools
51%
“during that window were not affected. Bitwarden completed a review of internal environments, release paths and related systems. They found no additional impacted products or environments at this time. A CVE for Bitwarden CLI version 2026.4.0 is being issued in connection with t…”
T1587 Develop Capabilities
46%
“messages as a token dead-drop to recover stolen GitHub tokens - using them to spread. Once a usable token is obtained, the payload: - copies itself into execution[.]js - writes setup.mjs - sets "preinstall": "node setup.mjs" in package.json - increments the patch ver…”
T1195.001 Compromise Software Dependencies and Development Tools
44%
“means the malicious code executes automatically during the npm install process, before the installation is complete. The setup.mjs bootstrapper detects the host OS and architecture, then performs the following activities: - downloading the Bun JavaScript runtime (v1.3.13) f…”
T1552.005 Cloud Instance Metadata API
43%
“context. AWS SSM provider (ku) uses the bundled AWS SDK (SSMClient, DescribeParameters, GetParameter) to enumerate and read parameters from AWS Systems Manager Parameter Store. Azure Key Vault provider (rn) uses Azure Identity and Key Vault SDK to call getsecretsfromvault, …”
T1195.001 Compromise Software Dependencies and Development Tools
42%
“Private registry proxying: never allow developer machines or CI runners to talk directly to registry.npmjs[.]org. Route all traffic through a private registry. Namespace shadowing (prevention of dependency confusion): attackers often publish packages with the same name as you…”
T1041 Exfiltration Over C2 Channel
40%
“domain - verifies the second capture group as a digital signature (512-byte RSA-4096) against the hard-coded public key er, ensuring only the attacker can direct the malware to a new C2 server. At the time of analysis, the dead drop contained a placeholder value (hxxps[…”
T1587 Develop Capabilities
38%
“…sgoingonwithgithub (dead drop). Indicators from April 22, 2026 activity. Network indicators: Table 3 lists the network indicators from this activity. Table 3. Network indicators. GitHub indicators: Table 4 lists the GitHub indicators from this activity. Table 4. GitHub indicators…”
T1552.001 Credentials In Files
35%
“…s (e.g., Shai-Hulud 2.0, axios, chalk/debug) - Cross-campaign correlation: identifying common infrastructure or code snippets that link disparate attacks to the same threat actors - Remediation playbooks: actionable guidance for rotating credentials and purging mali…”
T1587 Develop Capabilities
35%
“.48 combined, these packages carry approximately 570,000 weekly downloads, with @cap-js/sqlite and @cap-js/db-service each pulling around 250,000 and 260,000 downloads, respectively. All four packages are part of SAP's Cloud Application Programming (CAP) model…”
T1102.002 Bidirectional Communication
30%
“installs it, creating an exponential propagation vector. C2 resilience: the GitHub dead drop. The malware implements a fall back mechanism for C2 resilience using GitHub's public search API as a covert command channel. If the primary C2 server (audit.checkmarx[.]cx) is un…”
Summary
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more.