1. Home
  2. Techniques
  3. Enterprise
  4. Supply Chain Compromise
  5. Compromise Software Dependencies and Development Tools

Supply Chain Compromise: Compromise Software Dependencies and Development Tools

ID Name
T1195.001 Compromise Software Dependencies and Development Tools
T1195.002 Compromise Software Supply Chain
T1195.003 Compromise Hardware Supply Chain

Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise. Applications often depend on external software to function properly. Popular open source projects that are used as dependencies in many applications, such as pip and NPM packages, may be targeted as a means to add malicious code to users of the dependency.[1][2][3] This may also include abandoned packages, which in some cases could be re-registered by threat actors after being removed by adversaries.[4] Adversaries may also employ "typosquatting" or name-confusion by choosing names similar to existing popular libraries or packages in order to deceive a user.[5][6][7]

Additionally, CI/CD pipeline components, such as GitHub Actions, may be targeted in order to gain access to the building, testing, and deployment cycles of an application.[8] By adding malicious code into a GitHub action, a threat actor may be able to collect runtime credentials (e.g., via Proc Filesystem) or insert further malicious components into the build pipelines for a second-order supply chain compromise.[9] As GitHub Actions are often dependent on other GitHub Actions, threat actors may be able to infect a large number of repositories via the compromise of a single Action.[10]

Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.

ID: T1195.001
Sub-technique of:  T1195
Tactic: Initial Access
Platforms: Linux, Windows, macOS
Contributors: Enis Aksu; Joe Gumke, U.S. Bank; Liran Ravich, CardinalOps
Version: 1.3
Created: 11 March 2020
Last Modified: 24 October 2025
Version Permalink

Procedure Examples

ID Name Description
S1246 BeaverTail

BeaverTail has been hosted on code repositories and disseminated to victims through NPM packages.[11][12][13][14][15]
S0658 XCSSET

XCSSET adds malicious code to a host's Xcode projects by enumerating CocoaPods target_integrator.rb files under the /Library/Ruby/Gems folder or enumerates all .xcodeproj folders under a given directory. XCSSET then downloads a script and Mach-O file into the Xcode project folder.[16]

Mitigations

ID Mitigation Description
M1013 Application Developer Guidance

Application developers should be cautious when selecting third-party libraries to integrate into their application. Additionally, where possible, developers should lock software dependencies to specific versions rather than pulling the latest version on build.[17] GitHub Actions may be pinned to a specific commit hash rather than a tag or branch.[8]

M1033 Limit Software Installation

Where possible, consider requiring developers to pull from internal repositories containing verified and approved packages rather than from external ones.[17]
M1051 Update Software

A patch management process should be implemented to check unused dependencies, unmaintained and/or previously vulnerable dependencies, unnecessary features, components, files, and documentation.
M1016 Vulnerability Scanning

Continuous monitoring of vulnerability sources and the use of automatic and manual code review tools should also be implemented as well.[18]

Detection Strategy

ID Name Analytic ID Analytic Description
DET0009 Supply-chain tamper in dependencies/dev-tools (manager→write/install→first-run→egress) AN0021

Adversary manipulates dependencies/dev tools used by developers or CI: a package manager (npm/yarn/pnpm, pip/pipenv, nuget/dotnet, chocolatey/winget, maven/gradle) or a compiler/IDE downloads or restores content; files are written under project paths and execution paths (node_modules, packages, .nuget, .gradle, .m2, %AppData%\npm, %UserProfile%.cargo\bin, temp build dirs). First run of newly written components triggers scripts (preinstall/postinstall), shell/PowerShell spawning, or loader DLLs, followed by network egress to non-approved registries/CDNs.
AN0022

Developer or CI invokes package managers/compilers (apt/yum + build-essential, npm/yarn/pnpm, pip/pip3, gem, cargo, go, maven/gradle). These write executable or script files into PATH or project dirs and immediately execute embedded lifecycle hooks (preinstall/postinstall, setup.py, npm scripts) that spawn shells or curl/wget, followed by egress to unfamiliar registries or domains.
AN0023

Developer tools (Homebrew, pip, npm/yarn, Xcode builds) install or update dependencies; new Mach-O or scripts appear under /usr/local, /opt/homebrew, ~/Library/Application Support, project dirs (node_modules/.bin, venv/bin). First run spawns sh/zsh/osascript/curl and new outbound flows; Gatekeeper/AMFI may flag unsigned components.

References

  1. Trendmicro. (2018, November 29). Hacker Infects Node.js Package to Steal from Bitcoin Wallets. Retrieved April 10, 2019.
  2. Silviu Stahie. (2021, November 8). Popular NPM Repositories Compromised in Man-in-the-Middle Attack. Retrieved May 22, 2025.
  3. MANDVI. (2025, April 22). Malicious npm and PyPI Packages Disguised as Dev Tools to Steal Credentials. Retrieved September 24, 2025.
  4. Ravie Lakshmanan. (2024, September 4). Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack. Retrieved May 22, 2025.
  5. Deeba Ahmed. (2025, June 2). Backdoors in Python and NPM Packages Target Windows and Linux. Retrieved September 24, 2025.
  6. Darren Meyer. (2025, May 28). PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion. Retrieved September 24, 2025.
  7. Yehuda Gelb. (2024, April 10). New Technique to Trick Developers Detected in an Open Source Supply Chain Attack. Retrieved June 18, 2024.
  8. Omer Gilm Aviad Hahami, Asi Greenholts, and Yaron Avital. (2025, March 20). GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment . Retrieved May 22, 2025.
  9. OWASP. (n.d.). CICD-SEC-4: Poisoned Pipeline Execution (PPE). Retrieved May 22, 2025.
  1. Asi Greenholts. (2023, September 14). The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree. Retrieved May 22, 2025.
  2. eSentire Threat Response Unit (TRU). (2024, November 14). Bored BeaverTail & InvisibleFerret Yacht Club – A Lazarus Lure Pt.2. Retrieved October 17, 2025.
  3. Insikt Group. (2025, February 13). Inside the Scam: North Korea’s IT Worker Threat. Retrieved October 17, 2025.
  4. Seongsu Park. (2024, November 4). From Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West. Retrieved October 17, 2025.
  5. Unit 42. (2023, November 21). Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors. Retrieved October 17, 2025.
  6. Unit42. (2024, October 9). Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware. Retrieved October 17, 2025.
  7. Mac Threat Response, Mobile Research Team. (2020, August 13). The XCSSET Malware: Inserts Malicious Code Into Xcode Projects, Performs UXSS Backdoor Planting in Safari, and Leverages Two Zero-day Exploits. Retrieved October 5, 2021.
  8. Daniel Krivelevich and Omer Gil. (n.d.). Top 10 CI/CD Security Risks. Retrieved November 17, 2024.
  9. OWASP. (2018, February 23). OWASP Top Ten Project. Retrieved April 3, 2018.