
🐱 Luna's Corner

Cybersecurity

The Silent Threat: How Software Supply Chain Attacks Work — And Who's Been Hit

May 3, 2026 · 6 min read · By Poole Associates Team

Imagine hiring a contractor to renovate your office. You check their license, their references, their reviews. Everything looks great. What you don't know is that somewhere in their supply chain — a subcontractor, a tool manufacturer, a materials supplier — someone has been quietly compromised for the past two years. The work gets done. The building looks fine. And the backdoor installed in your walls won't be discovered until it's too late.

That's a software supply chain attack. And in the past 18 months, they've become one of the most dangerous and fastest-growing threats in cybersecurity.

What Is a Software Supply Chain Attack?

Modern software is almost never built from scratch. Every application you install — whether it's accounting software, remote monitoring tools, or a web browser — is assembled from hundreds or thousands of smaller components. Libraries, open-source packages, build tools, CI/CD pipelines, update systems. Each one is a link in the chain.

A supply chain attack targets one of those links — not your software directly, but something your software trusts. The attacker doesn't need to break into your network. They compromise the software before it ever reaches you.

The Three Main Attack Vectors

1. Compromised Open-Source Packages

Developers pull code from public repositories like npm (JavaScript), PyPI (Python), and GitHub millions of times per day. Attackers publish malicious packages with names similar to legitimate ones (typosquatting), or compromise the accounts of legitimate package maintainers to push poisoned updates.

2. Maintainer Takeover

This is the long game. An attacker spends months — sometimes years — building trust as a legitimate contributor to an open-source project. They file bug reports, submit helpful fixes, build a reputation. Then, once they've earned maintainer access, they slip in a hidden backdoor. This was the strategy behind the XZ Utils attack, where the attacker spent two years building credibility before striking — and nearly compromised SSH servers on millions of Linux systems worldwide.

3. Poisoned Build Pipelines

CI/CD systems (the automated tools that build, test, and deploy software) are a goldmine for attackers. If they can inject malicious code into a GitHub Action or build script, every piece of software produced by that pipeline is compromised — and it gets shipped automatically to every customer.
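
A defender-side check for the pipeline risk described above, as an added example that is not part of the original article: it scans a workflow file for third-party actions referenced by a tag or branch (a reference that can later be repointed to different code) instead of a full commit SHA, and for a missing `permissions:` block. The workflow text, the `example-org/...` action names and the SHA are constructed.

```javascript
// Added example: lint a GitHub Actions workflow for two supply-chain risks.
// The workflow text, action names and SHA below are constructed for illustration.
const SAMPLE_WORKFLOW = `
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/changed-files-demo@main
      - uses: example-org/pinned-demo@0123456789abcdef0123456789abcdef01234567 # v2.1.0
      - uses: ./.github/actions/local-step
      - run: npm ci && npm test
`;

const FULL_SHA = /^[0-9a-f]{40}$/;

function lintWorkflow(text) {
  const findings = [];
  let hasPermissions = false;
  text.split("\n").forEach((raw, i) => {
    const line = raw.replace(/\s+#.*$/, ""); // drop trailing YAML comments
    if (/^\s*permissions\s*:/.test(line)) hasPermissions = true;
    const m = line.match(/^\s*(?:-\s*)?uses\s*:\s*["']?([^"'\s]+)["']?\s*$/);
    if (!m) return;
    const ref = m[1];
    // Local actions and docker:// images are out of scope for this check.
    if (ref.startsWith("./") || ref.startsWith("docker://")) return;
    const at = ref.lastIndexOf("@");
    const version = at === -1 ? "" : ref.slice(at + 1);
    // Anything other than a 40-hex commit SHA is a mutable reference.
    if (!FULL_SHA.test(version)) {
      findings.push({ line: i + 1, rule: "unpinned-action", ref });
    }
  });
  // Without an explicit permissions block the job token keeps its default scope.
  if (!hasPermissions) {
    findings.push({ line: 0, rule: "no-permissions-block", ref: null });
  }
  return findings;
}

console.log(lintWorkflow(SAMPLE_WORKFLOW));
```

The scan is line-based, so it expects the common block-style YAML layout and is a first-pass review aid rather than a full YAML parser.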

Who's Been Hit Recently

The pace of attacks has accelerated dramatically. In 2025, 97% of major organizations globally reported being impacted by a supply chain breach — up from 81% the previous year. Here's a look at some of the most significant incidents:

axios — March 2026

One of the most widely used JavaScript HTTP libraries — with hundreds of millions of downloads — was compromised when an attacker phished a maintainer's account. Two malicious versions were published containing a hidden dependency that installed a Remote Access Trojan (RAT) on developer machines running Windows, macOS, and Linux. OpenAI was among the affected parties and had to revoke its macOS app signing certificate. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog.

Shai-Hulud Campaign — September–November 2025

A sophisticated, worm-like attack that swept through the npm JavaScript ecosystem in two waves. The malware used compromised tokens to publish itself to additional packages and spread through GitHub Actions workflows. By the end of the second wave, over 25,000 repositories and roughly 700 npm packages had been infected, stealing credentials, SSH keys, cloud API tokens, and cryptocurrency wallets from developers.

Nx Build Tool — August 2025

The Nx build tool ecosystem was hit when a compromised token allowed attackers to push malicious versions. Notably, the malware used installed AI CLI tools — including Claude, Gemini, and Amazon Q — as reconnaissance vectors, stealing credentials from thousands of developers.

npm debug/chalk/ansi-styles — September 2025

Three foundational JavaScript packages used in billions of downstream installations were hijacked via maintainer phishing. The attacker sent a fake "Update 2FA Now" email that bypassed the maintainer's existing two-factor authentication. Crypto-stealing payloads were injected before the attack was caught — but only after a 2–3 hour exposure window.

SharePoint ToolShell — July 2025

Attackers exploited a chain of vulnerabilities in Microsoft SharePoint on-premises servers in a campaign targeting government and healthcare sectors. Organizations including Barts Health (NHS), Canon, GlobalLogic, LKQ, Logitech, and Mazda were among those impacted.

Oracle E-Business Suite — October 2025

The Clop ransomware group exploited unpatched vulnerabilities in Oracle's E-Business Suite, targeting executives with extortion emails threatening to release stolen data. Organizations running unpatched EBS instances were actively being attacked.

tj-actions/changed-files — 2025

A cascading GitHub Actions compromise: attackers poisoned one dependency that infected another that infected a widely used action. Thousands of projects using the affected action had their CI/CD secrets exposed during the window of compromise.

Why This Is Getting Worse

Attackers are getting more patient. The XZ Utils attacker spent two years building trust before striking. The axios attackers studied that playbook and applied it. "Precision attacks" — embedding in development ecosystems for months before acting — are becoming the new standard.

The attack surface keeps expanding. Every open-source dependency is a potential entry point. The average enterprise application has hundreds of direct dependencies and thousands of transitive ones. Auditing all of them is practically impossible.

AI tools are being weaponized. The Nx attack used installed AI CLI tools as part of its reconnaissance. As AI coding assistants become standard in developer workflows, they become part of the attack surface.

Speed works against defenders. A malicious package can go from publication to production across thousands of organizations in minutes — often faster than anyone can respond.

What You Can Do About It

Most businesses can't audit their entire software supply chain. But you can meaningfully reduce your exposure:

  • Endpoint Detection & Response (EDR) — tools like NinjaOne, CrowdStrike, or Microsoft Defender can catch malicious behavior even when the initial infection vector is a trusted package
  • MFA everywhere, hardware keys where possible — FIDO2 security keys can't be phished; SMS and TOTP codes can
  • Monitor for anomalous outbound connections — RATs and data exfiltration leave network traces
  • Keep systems patched — most of the SharePoint and Oracle incidents exploited known, patchable vulnerabilities
  • Principle of least privilege — build tools and CI/CD systems shouldn't have write access to everything
  • Verify before you trust — unexpected updates to critical software warrant a second look
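
One way to act on the last bullet, as an added example rather than code from the article: diff two `package-lock.json` snapshots and flag dependencies that appeared and packages that newly carry `hasInstallScript` (the flag npm records in lockfile versions 2 and 3 for packages with install-time scripts), which is what an update bringing in a hidden dependency looks like from the consumer's side. All package names and versions are constructed.

```javascript
// Added example: compare two package-lock.json snapshots (lockfileVersion 2/3)
// and surface what a routine version bump silently pulled in.
// Package names and versions below are constructed, not real indicators.
const BEFORE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "http-client-demo": "^1.4.0" } },
    "node_modules/http-client-demo": { version: "1.4.0" },
    "node_modules/follow-demo": { version: "2.0.1" },
  },
};
const AFTER = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "http-client-demo": "^1.4.0" } },
    "node_modules/http-client-demo": { version: "1.4.1" },
    "node_modules/follow-demo": { version: "2.0.1" },
    "node_modules/helper-demo": { version: "0.0.1", hasInstallScript: true },
  },
};

function diffLockfiles(before, after) {
  const oldPkgs = before.packages || {};
  const newPkgs = after.packages || {};
  const report = { added: [], changed: [], newInstallScripts: [] };
  for (const [path, meta] of Object.entries(newPkgs)) {
    if (path === "") continue; // root project entry, not a dependency
    const prev = oldPkgs[path];
    const label = `${path.split("node_modules/").pop()}@${meta.version}`;
    if (!prev) report.added.push(label);
    else if (prev.version !== meta.version) {
      report.changed.push(`${label} (was ${prev.version})`);
    }
    // Install scripts run code on the machine during `npm install`.
    if (meta.hasInstallScript && !(prev && prev.hasInstallScript)) {
      report.newInstallScripts.push(label);
    }
  }
  return report;
}

function needsReview(report) {
  // An update that adds a dependency or an install script warrants a second look.
  return report.added.length > 0 || report.newInstallScripts.length > 0;
}

console.log(diffLockfiles(BEFORE, AFTER), needsReview(diffLockfiles(BEFORE, AFTER)));
```

Run against the lockfile from the last known-good commit and the one produced by the proposed update, this makes a patch-level bump that introduces a new package stand out before it reaches a build machine.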

The Bottom Line

Supply chain attacks are attractive to adversaries for one simple reason: compromising one supplier gives you access to thousands of targets. The trust we place in software — the assumption that a popular package from a known name is safe — is exactly what attackers exploit.

Mandiant's CTO said it plainly: "The number of recent software supply chain attacks is overwhelming. Defenders need to pay close attention."

At Poole Associates, we help Charlotte-area businesses stay ahead of these threats through proactive monitoring, endpoint security, and practical security guidance. If you'd like to assess your exposure or talk through what protections make sense for your environment, reach out to us.
