The software supply chain is currently facing a heightened level of attack, not from a single threat actor or incident, but from a widespread campaign that has been escalating for months. This week, the popular HTTP client library axios, downloaded 83 million times per week and present in roughly 80% of cloud environments, was compromised via a hijacked maintainer account. Two backdoored versions deployed platform-specific RATs attributed to North Korea’s Lazarus Group. The malicious versions were live for approximately three hours, which was enough to cause damage.
This incident follows the TeamPCP campaign in March, where Aqua Security’s Trivy vulnerability scanner was weaponized, leading to a cascade of compromises into various packages and tools. Prior to that, the Shai-Hulud worm and GlassWorm attack also targeted the npm ecosystem, spreading through invisible Unicode payloads. The common pattern in all these incidents is that attackers steal developer credentials to poison trusted packages, leading to a self-reinforcing cycle of compromise and credential theft.
The root cause of these compromises is the implicit trust placed in various components of the software supply chain. Organizations often assume trust where it should be verified, leading to vulnerabilities that attackers exploit. To mitigate such risks, it is essential to shift towards a posture of verifying trust at every layer of the stack. This includes using trusted base images, pinning references to specific versions, employing cooldown periods for dependency updates, and generating SBOMs at build time.
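Two of the controls listed above, exact version pins and a cooldown period before a freshly published version is allowed in, can be enforced with a small pre-install audit. The following is an added example, not code from the article or from Docker: it checks a package.json-style manifest against npm-registry-style metadata (the registry's `time` map of version to publish timestamp) and flags any dependency that is not pinned to an exact version or whose pinned version was published inside the cooldown window. The manifest, registry records, package names and timestamps are all constructed sample data; the `audit`, `check_dependency` and `is_exact_pin` helpers are hypothetical names chosen for this example.

```python
"""Pre-install audit: exact pins plus a publish-age cooldown (added example).

Assumptions (not taken from the article):
  - the manifest is a package.json-like dict with "dependencies" /
    "devDependencies" sections;
  - registry metadata per package carries a "time" map of
    {"<version>": "<ISO-8601 publish timestamp>"} as the npm registry does;
  - all package names, versions and timestamps below are constructed.
"""
import re
from datetime import datetime, timedelta, timezone

# An exact pin is MAJOR.MINOR.PATCH with no range operator such as ^ or ~.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")


def is_exact_pin(spec: str) -> bool:
    """True only for an exact semver triple, e.g. '1.4.2', never '^1.4.2'."""
    return bool(EXACT_VERSION.match(spec))


def parse_iso(ts: str) -> datetime:
    """Parse a registry timestamp; the trailing 'Z' is normalised to +00:00."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def check_dependency(name, spec, registry_time, now, cooldown_days):
    """Return a list of findings (strings) for one dependency, empty if clean."""
    findings = []
    if not is_exact_pin(spec):
        findings.append(f"{name}@{spec}: not pinned to an exact version")
        return findings  # an unpinned spec cannot be age-checked meaningfully
    published = registry_time.get(spec)
    if published is None:
        findings.append(f"{name}@{spec}: version absent from registry metadata")
        return findings
    age = now - parse_iso(published)
    if age < timedelta(days=cooldown_days):
        findings.append(
            f"{name}@{spec}: published {age.days} day(s) ago, "
            f"inside the {cooldown_days}-day cooldown"
        )
    return findings


def audit(manifest, registry, now, cooldown_days=7):
    """Audit every dependency section; returns all findings as a flat list."""
    findings = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in manifest.get(section, {}).items():
            time_map = registry.get(name, {}).get("time", {})
            findings.extend(
                check_dependency(name, spec, time_map, now, cooldown_days)
            )
    return findings


# ---- constructed sample input (not real packages or publish dates) ----
NOW = datetime(2026, 4, 1, 12, 0, tzinfo=timezone.utc)

SAMPLE_MANIFEST = {
    "dependencies": {
        "example-http-client": "2.3.1",   # pinned, published long ago: clean
        "example-string-utils": "^1.0.0",  # range spec: finding
        "example-config-loader": "4.0.2",  # pinned but published yesterday: finding
    },
    "devDependencies": {
        "example-build-tool": "5.1.0",     # pinned, old: clean
    },
}

SAMPLE_REGISTRY = {
    "example-http-client": {"time": {"2.3.1": "2025-11-20T08:00:00.000Z"}},
    "example-string-utils": {"time": {"1.0.0": "2025-06-01T00:00:00.000Z"}},
    "example-config-loader": {"time": {"4.0.2": "2026-03-31T09:30:00.000Z"}},
    "example-build-tool": {"time": {"5.1.0": "2025-09-15T00:00:00.000Z"}},
}


if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, SAMPLE_REGISTRY, NOW):
        print(finding)
```

With the constructed data the audit reports exactly two findings: the `^` range on `example-string-utils` and the one-day-old `example-config-loader` version. Setting `cooldown_days=0` disables the age check, leaving only the pin finding. In a real pipeline the registry metadata would be fetched from the internal mirror or artifact proxy rather than embedded, and a non-empty findings list would fail the build before any install script runs.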
Securing the CI/CD pipelines is also crucial in preventing supply chain attacks. Organizations should treat every CI runner as a potential breach point, use short-lived and narrowly scoped credentials, deploy internal mirrors or artifact proxies, and test dependency updates in environments without production secrets. Additionally, securing endpoints by deploying canary tokens, cleaning up credential sprawl, and using EDR with behavioral detection can help prevent attacks that start at the developer machine level.
The rise of AI development has introduced new challenges in the software supply chain, with AI coding agents posing additional risks. Running agents in sandboxed environments, governing MCP servers, and standardizing on fewer tools can help mitigate these risks. Building incident response capabilities, maintaining SBOMs for everything in production, and having playbooks ready for quick response are essential in dealing with supply chain attacks.
As the threat landscape evolves, organizations need to adapt their default security measures to establish explicit trust boundaries and protect against supply chain attacks. By implementing best practices such as using hardened base images, generating SBOMs at build time, and deploying sandboxed environments for AI development, organizations can enhance their security posture and defend against the increasing threats in the software supply chain. At Docker, we follow these practices to protect ourselves and our customers from potential attacks.
For more information, refer to this article.