The most notable supply-chain attacks of 2025
2026-03-27 · via Kaspersky official blog

Supply-chain attacks have been one of the most dangerous categories of cybersecurity incidents for years now. And if 2025 taught us anything, it’s that cybercriminals are doubling down on them. In this deep dive, we’re looking at supply-chain attacks from 2025 that, while not always the costliest, were certainly the most unusual and caught the industry’s attention.

January 2025: a RAT found in the DogWifTools GitHub repository

As a warm-up after the holiday break, cybercriminals backdoored several releases of DogWifTools, a utility for launching and promoting Solana-based meme coins on Pump.fun. After compromising the project's private GitHub repository, the attackers waited for the developers to upload a fresh build, injected a RAT into it, and a few hours later replaced the legitimate download with their trojanized version. According to the developers, versions 1.6.3 through 1.6.6 of DogWifTools for Windows were affected.

The endgame came in late January. After using the RAT to harvest large amounts of data from infected devices, the attackers drained their victims' crypto wallets. Victims put the total haul at over US$10 million in cryptocurrency; the attackers disputed that figure, though without revealing how much they had actually taken.

February 2025: the US$1.5 billion Bybit heist

If January was a warm-up, February was a meltdown. The hack of the Bybit crypto exchange eclipsed every previous incident to become the largest crypto heist in history. The attackers compromised Safe{Wallet}, the multisig cold-storage software the exchange relied on to manage its assets.

Bybit employees thought they were signing a routine transaction; in reality, the tampered interface had them authorize a transaction that turned control of the wallet over to a malicious smart contract. Once executed, it drained a primary cold wallet, dispersing the funds across several hundred attacker-controlled addresses. The final haul exceeded 400 000 ETH/stETH, worth approximately US$1.5 billion. The practical lesson for anyone operating a multisig is that the signing interface is part of the attack surface: the transaction details shown on the signing device itself, not in the web UI, are the only ones worth checking before approving.

March 2025: Coinbase targeted in a GitHub Actions cascading compromise

Spring 2025 opened with a sophisticated attack that used a chain of compromised GitHub Actions (the reusable workflow building blocks that automate routine DevOps tasks) as its delivery mechanism. It began with the theft of a personal access token belonging to a maintainer of the SpotBugs static-analysis tool. With that foothold, the attackers planted malicious code and hijacked a token belonging to a maintainer of the reviewdog/action-setup workflow, who was also involved in the SpotBugs project.

From there they compromised a downstream dependency, the tj-actions/changed-files action, modifying it to run a malicious Python script. The script hunted for high-value secrets: AWS, Azure and Google Cloud keys, GitHub and npm tokens, database credentials, and RSA private keys. Oddly, it dumped everything it found straight into the workflow's build logs, which on public repositories can be read by anyone; the leaked data was therefore available not just to the attackers but to anyone who knew where to look.

The original target of the operation was a repository belonging to the Coinbase crypto exchange. Fortunately, Coinbase's developers spotted the threat in time and blocked the compromise. Apparently realizing they were about to lose control of tj-actions/changed-files, the attackers switched to a spray-and-pray approach that exposed some 23 000 repositories using the action to a possible secrets leak. In the end, several hundred of those repositories had their credentials exposed publicly.
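One concrete defence against the retargeting step in this chain is to reference every third-party action by its full commit SHA rather than by a tag or branch, since a tag can be moved by whoever controls the action's repository while a commit hash cannot. The script below is an added example, not code from the Kaspersky post or from any of the projects it names: it scans a workflow file for `uses:` references and reports which ones can be silently moved. The sample workflow and the 40-hex SHA in it are constructed placeholders.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a commit SHA.

Added example, not code from the Kaspersky post or from any project it names.
A tag such as @v45 or a branch such as @main can be repointed by anyone who
controls the action's repository; a 40-hex commit SHA cannot.
"""
import re
from typing import Dict, List

# One `uses:` per line; GitHub allows a trailing `# comment` and optional quotes.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify(action: str) -> str:
    """Classify one `uses:` target.

    'local'   - ./path inside the same repository (fixed by the checkout itself)
    'pinned'  - owner/repo[/path]@<40-hex sha>, or docker://image@sha256:<digest>
    'mutable' - anything else: a tag, a branch, or no ref at all (default branch)
    """
    if action.startswith("./"):
        return "local"
    if action.startswith("docker://"):
        return "pinned" if "@sha256:" in action else "mutable"
    if "@" not in action:
        return "mutable"
    ref = action.rsplit("@", 1)[1]
    return "pinned" if FULL_SHA_RE.fullmatch(ref) else "mutable"


def audit_workflow(yaml_text: str) -> List[Dict[str, object]]:
    """Return one finding per `uses:` line: {"line", "action", "status"}."""
    findings: List[Dict[str, object]] = []
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            action = m.group(1)
            findings.append({"line": lineno, "action": action, "status": classify(action)})
    return findings


def mutable_refs(yaml_text: str) -> List[str]:
    """The references a reviewer should reject before merging the workflow."""
    return [str(f["action"]) for f in audit_workflow(yaml_text) if f["status"] == "mutable"]


# Constructed sample workflow. The SHA is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@v1
        with:
          reviewdog_version: latest
      - uses: ./.github/actions/local-build
      - uses: docker://alpine:3.19
      - uses: 'some-org/some-action'
"""

if __name__ == "__main__":
    for f in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {f['line']:>3}  {f['status']:<8} {f['action']}")
```

Two caveats. A SHA pin freezes only that action's own commit, not the actions it calls internally, so it helps only if the pinned commit predates the compromise and someone has read it; tj-actions/changed-files was itself taken over through reviewdog/action-setup. And pins go stale, so pair the check with something that updates them (Dependabot can bump SHA-pinned actions and keep the version comment in sync).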

April 2025: a backdoor in 21 Magento extensions

In April, an infection was discovered across a whole range of extensions for Magento, one of the most popular platforms for building online stores. The backdoor was embedded in 21 modules from three vendors: Tigren, Meetanshi, and MGS. Those extensions were in use at several hundred e-commerce companies, including at least one multinational corporation.

According to the researchers who found it, the backdoor had been planted as far back as 2019. In April 2025 the attackers finally triggered it to compromise websites and upload web shells. The mechanism was a function in the extensions' license-checking code that executed whatever code it found in a license file, a file nobody expects to contain executable code and therefore one that rarely gets looked at.
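The pattern behind that backdoor, an include or eval whose argument comes from a file or variable rather than a string literal, is easy to find in source with a crude scanner. The script below is an added example, not the vendors' code or the researchers' tooling: it walks PHP source line by line and reports include-family statements with non-literal paths (marking the error-suppressed `@include` form separately) and calls to eval-like functions. The PHP snippet it scans is a constructed illustration of a license check that executes whatever the license file contains, not the actual backdoor.

```python
"""Find PHP statements that execute code from a computed location: include/require
with a non-literal path, and eval-style calls.

Added example, not code from the Kaspersky post, the vendors, or the researchers.
The PHP sample is a constructed illustration of the license-file pattern.
"""
import re
from typing import Dict, List

INCLUDE_RE = re.compile(r"(@?)\s*\b(include|include_once|require|require_once)\b\s*\(?\s*([^;]+?)\s*\)?\s*;")
EVAL_RE = re.compile(r"\b(eval|assert|create_function)\s*\(")
# A literal path: '...' or "...", optionally prefixed by __DIR__ . or dirname(__FILE__) .
STATIC_PATH_RE = re.compile(r"""^(?:__DIR__\s*\.\s*|dirname\(__FILE__\)\s*\.\s*)?(['"])[^'"$]*\1$""")


def is_static_path(arg: str) -> bool:
    """True when the include target is fixed at authoring time."""
    return STATIC_PATH_RE.fullmatch(arg.strip()) is not None


def scan_php(source: str, path: str = "<string>") -> List[Dict[str, object]]:
    """Return one finding per suspicious line: {path, line, kind, suppressed, snippet}."""
    findings: List[Dict[str, object]] = []
    for lineno, raw in enumerate(source.splitlines(), start=1):
        line = raw.strip()
        if line.startswith(("//", "#", "*", "/*")):
            continue  # comment-only line
        m = INCLUDE_RE.search(line)
        if m and not is_static_path(m.group(3)):
            findings.append({"path": path, "line": lineno, "kind": "dynamic-include",
                             "suppressed": m.group(1) == "@", "snippet": line})
            continue
        if EVAL_RE.search(line):
            findings.append({"path": path, "line": lineno, "kind": "eval",
                             "suppressed": False, "snippet": line})
    return findings


# Constructed sample: a "license check" that executes the license file's contents.
SAMPLE_PHP = r'''<?php
namespace Vendor\Module\Helper;

class License
{
    private $licenseFile;

    public function __construct($dir)
    {
        $this->licenseFile = $dir . '/license.key';
    }

    public function check()
    {
        require_once __DIR__ . '/Config.php';
        require 'vendor/autoload.php';
        // "validation" that runs whatever the license file happens to contain
        @include $this->licenseFile;
        $blob = file_get_contents($this->licenseFile);
        eval(base64_decode($blob));
        return true;
    }
}
'''

if __name__ == "__main__":
    for f in scan_php(SAMPLE_PHP, "License.php"):
        flag = " (error-suppressed)" if f["suppressed"] else ""
        print(f"{f['path']}:{f['line']} {f['kind']}{flag}: {f['snippet']}")
```

The scanner is line-based, so it misses statements split across lines, and a dynamic include is not automatically malicious. The review question it raises is the right one, though: where does the path come from, and can the file it points to be written by anyone other than the deployment pipeline? A license file that an admin panel or an installer can overwrite answers that question badly.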

Ironically, the infected modules included MGS GDPR and Meetanshi CookieNotice, extensions meant to help sites comply with privacy and data-processing regulations. Instead of protecting privacy, their use most likely led to the theft of user data and financial details through web skimming.

May 2025: ransomware distributed through a compromised MSP

In May, the DragonForce ransomware gang gained access to the infrastructure of an unnamed managed service provider (MSP) and used it to deploy ransomware and steal data from the MSP's client organizations.

The attackers appear to have exploited several vulnerabilities, including one critical flaw, in SimpleHelp, the remote monitoring and management (RMM) tool the MSP used. The flaws were found in 2024 and publicly disclosed and patched in January 2025, but the MSP evidently did not hurry to update, and the ransomware gang was happy to exploit the delay. An RMM tool has privileged reach into every client environment by design, which makes it one of the first places a patch should land, not one of the last.

June 2025: a backdoor in over a dozen popular npm packages

At the start of summer, attackers hijacked the account of a Gluestack maintainer and used a stolen access token to inject backdoors into 17 npm packages. The most popular of them, @react-native-aria/interactions, had 125 000 weekly downloads; the compromised packages together exceeded a million.

What makes this case notable is what the Gluestack developers did afterwards: they restricted GitHub repository access for secondary contributors, enabled two-factor authentication (2FA) for publishing new versions, and promised to adopt secure development practices such as a pull-request-based workflow, systematic code review, and audit logging. In other words, before the incident a project with hundreds of thousands of weekly downloads had none of those measures in place.

July 2025: popular npm packages infected through a phishing attack

In July, npm packages were again the stars of the show, including the widely used and succinctly named "is" package, with 2.7 million weekly downloads. This JavaScript utility library provides a broad range of type-checking and value-validation functions. To phish one of the project's owners, the attackers used the oldest trick in the book: a typosquatted domain (npnjs.com instead of npmjs.com) hosting a clone of the official npm website.

They then used the compromised account to publish several versions of the package with an embedded backdoor. The infection went unnoticed for six hours, plenty of time for a large number of developers to pull the malicious packages.

The same phishing tactic was used against other developers as well, and the attackers leveraged several compromised accounts to distribute different variants of their payload. There is also a strong suspicion that they kept part of their haul in reserve for future attacks.
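Lookalike domains are easy to catch mechanically once you actually look for them. The script below is an added example, not part of the Kaspersky post: it pulls the links out of an email body, reduces each hostname to its registrable domain, and compares that with a list of trusted domains using Damerau-Levenshtein distance, so that npnjs.com, nmpjs.com, or a trusted name buried inside a longer hostname all get flagged while docs.npmjs.com does not. The email text, the trusted list and the two-label domain extraction are my own simplifications.

```python
"""Flag links whose domain merely resembles a trusted one (typosquats, or a
trusted name buried inside a longer hostname).

Added example, not code from the Kaspersky post. TRUSTED and the sample email
are constructed; a real deployment would load both from configuration.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

TRUSTED = ["npmjs.com", "github.com"]
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def osa_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein distance (optimal string alignment variant): insert,
    delete, substitute, and swap of two adjacent characters each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname. Assumption: no public-suffix list, so
    two-part suffixes such as co.uk are not handled correctly here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host: str, max_distance: int = 2) -> Tuple[str, str]:
    """Return (verdict, reference) for one hostname.

    'trusted'   - registrable domain is on the allow list (any subdomain is fine)
    'embedded'  - a trusted name appears inside the host but is not its domain
    'lookalike' - registrable domain is within max_distance edits of a trusted one
    'unknown'   - none of the above
    """
    host = host.lower()
    reg = registrable_domain(host)
    if reg in TRUSTED:
        return "trusted", reg
    for trusted in TRUSTED:
        if trusted in host:
            return "embedded", trusted
    for trusted in TRUSTED:
        if osa_distance(reg, trusted) <= max_distance:
            return "lookalike", trusted
    return "unknown", reg


def scan_email(text: str) -> List[Dict[str, str]]:
    """Classify every URL found in the message body."""
    results = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname or ""
        verdict, reference = classify_host(host)
        results.append({"url": url, "host": host, "verdict": verdict, "reference": reference})
    return results


def suspicious_urls(text: str) -> List[Dict[str, str]]:
    return [r for r in scan_email(text) if r["verdict"] in ("embedded", "lookalike")]


# Constructed phishing message in the style of the npm campaign described above.
SAMPLE_EMAIL = """\
Subject: [npm] Please verify your email address

Your account will be locked unless you confirm your address within 48 hours.
Verify now: https://www.npnjs.com/login?token=abc123
Two-factor docs: https://docs.npmjs.com/about-two-factor-authentication
Having trouble? https://npmjs.com.account-verify.example/help
"""

if __name__ == "__main__":
    for r in scan_email(SAMPLE_EMAIL):
        print(f"{r['verdict']:<9} {r['host']:<40} (ref: {r['reference']})")
```

A distance threshold of 2 on short domains will produce some noise, so in practice this belongs in a mail gateway as a warning banner rather than a hard block; the embedded-name rule, by contrast, almost never fires on legitimate mail. None of this replaces phishing-resistant 2FA on the publishing account, which is what actually stops a stolen password from becoming a malicious release.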

August 2025: the s1ngularity attack and a leak of hundreds of developers’ secrets

In late August, an incident dubbed "s1ngularity" continued the trend of targeting JavaScript developers. Attackers compromised Nx, a popular build system and CI/CD optimization tool, and published malicious versions of its packages. The injected code searched infected developer machines for a wide range of sensitive data: crypto wallet keys, npm and GitHub tokens, SSH keys, API keys, and more.

Interestingly, the attackers enlisted locally installed AI coding tools such as Claude Code, Gemini CLI, and Amazon Q to hunt for secrets on victims' machines. Everything found was then pushed to public GitHub repositories created under the victims' own accounts, with names such as "s1ngularity-repository", "s1ngularity-repository-0" and "s1ngularity-repository-1", which is where the attack got its name.

Consequently, the private data of hundreds of developers ended up sitting in plain sight, where it could be accessed not just by the attackers, but by absolutely anyone with an internet connection.

September 2025: a crypto stealer hits npm packages that have 2.6 billion weekly downloads

The wave of npm compromises rolled on into September. After another phishing campaign aimed at JavaScript developers, attackers injected malicious code into a few dozen high-profile projects. Some of them, notably "chalk" and "debug", have hundreds of millions of weekly downloads; together the infected packages were seeing over 2.6 billion downloads per week at the time of the breach, and they have only grown more popular since.

The payload was a crypto stealer designed to intercept cryptocurrency transactions and reroute them to attacker-controlled wallets. Fortunately, despite poisoning some of the world's most popular packages, the attackers botched the final stage of the operation and walked away with a measly US$925.

Just a week later came the first wave of the self-propagating Shai-Hulud malware, which infected around 150 npm packages, including projects from CrowdStrike. The second wave, which hit a few months later, proved far more destructive; we'll take a closer look at the Great Worm further down.

October 2025: GlassWorm infects the Visual Studio Code ecosystem

Roughly a month after the Shai-Hulud attack, similar self-propagating malware dubbed GlassWorm began infecting Visual Studio Code extensions across both the Open VSX Registry and the Microsoft Extension Marketplace. The attackers were hunting for GitHub, Git, npm, and Open VSX accounts, as well as crypto wallet keys.

The creators of GlassWorm took a highly creative approach to their command-and-control infrastructure: they used a crypto wallet on the Solana blockchain as their primary C2, with Google Calendar serving as a backup communication channel.

Beyond simply draining victims’ crypto wallets and hijacking their accounts to spread the worm further, the attackers also dropped a RAT named Zombi onto infected devices, granting them total control over the compromised systems.

November 2025: the IndonesianFoods campaign and 150 000 spam packages on npm

In November, a new nuisance emerged within the npm registry. A coordinated malicious campaign dubbed IndonesianFoods saw attackers flood the registry with tens of thousands of useless packages.

The primary goal was to game the system: inflate metrics and farm tokens on tea.xyz, a blockchain platform designed to reward open-source developers. To pull this off, the attackers built a massive web of interdependent projects with names referencing Indonesian cuisine, such as zul-tapai9-kyuki or andi-rendang23-breki.

The creators of this campaign did not bother hijacking accounts. Strictly speaking, the spam packages contained no malicious payload at all, unless you count the script that automatically generated a new package every seven seconds. The incident was nevertheless a stark reminder of how exposed the npm infrastructure is to large-scale spam.

December 2025: Shai-Hulud 2.0 and the leak of 400 000 developer secrets

The absolute headliner of the year — not just for supply-chain attacks, but likely for the entire cybersecurity field — was the self-propagating malware Shai-Hulud (also known as Sha1-Hulud) targeting developers.

This malware was the logical evolution of the s1ngularity attack described earlier: it too scours systems for secrets of every kind and publishes them in public GitHub repositories. Shai-Hulud added self-propagation on top of that baseline: using the credentials it steals, the worm publishes infected versions of the packages the compromised developer is able to publish to, so every victim becomes a new distribution point.

The first wave of Shai-Hulud hit in September, infecting at least 150 npm packages (several hundred by later counts). Toward the end of the year a second wave arrived, dubbed Shai-Hulud 2.0.

This time the worm gained wiper functionality: if it could not find valid npm or GitHub tokens on an infected system, it fired a destructive payload that erased the user's files.

Approximately 400 000 secrets were leaked in total as a result of the attack. It’s worth noting that, just like with s1ngularity, all this sensitive data ended up in public repositories where it could be downloaded not only by the attackers but by anyone else. And it’s highly likely that the fallout from this attack will be felt for a long time to come.
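Both s1ngularity and Shai-Hulud ran their secret-harvesting code from an npm package install script (a detail of the campaigns rather than something stated above), and Shai-Hulud's wiper fired from the same place. Install hooks are rare enough in legitimate packages that every one of them deserves a look. The script below is an added example, not code from the Kaspersky post or from any affected project: it walks a node_modules tree, lists every lifecycle hook, follows any script file the hook invokes, and flags the content patterns a reviewer should see, such as spawning processes, decoding blobs, calling local AI CLIs, or touching credential files. The package tree it audits is constructed inside a temporary directory, and the indicator list is my own heuristic set.

```python
"""Audit npm lifecycle hooks (preinstall/install/postinstall/prepare) under a
node_modules tree and flag the ones worth a human look.

Added example, not code from the Kaspersky post or any affected project. The
indicator regexes are my own heuristics; the sample tree is constructed.
"""
import json
import re
import tempfile
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List, Optional

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

INDICATORS = [
    ("downloader", re.compile(r"\b(curl|wget)\b")),
    ("base64", re.compile(r"base64|atob\(", re.I)),
    ("eval", re.compile(r"\beval\s*\(|new Function\(")),
    ("spawn", re.compile(r"child_process|execSync|spawnSync")),
    ("ai-cli", re.compile(r"\b(claude|gemini|q chat)\b")),
    ("secrets-path", re.compile(r"\.npmrc|\.ssh/|id_rsa|NPM_TOKEN|GITHUB_TOKEN")),
    ("github-api", re.compile(r"api\.github\.com")),
]


@dataclass
class Finding:
    package: str
    version: str
    hook: str
    command: str
    indicators: List[str] = field(default_factory=list)

    @property
    def risk(self) -> str:
        # Every hook is worth a 'review'; one with indicator hits is 'high'.
        return "high" if self.indicators else "review"


def _referenced_files(command: str, pkg_dir: Path) -> List[Path]:
    """Script files the hook runs directly, e.g. telemetry.js in `node telemetry.js`."""
    return [pkg_dir / tok for tok in command.split()
            if tok.endswith((".js", ".cjs", ".mjs", ".sh")) and (pkg_dir / tok).is_file()]


def audit_node_modules(root: Path) -> List[Finding]:
    findings: List[Finding] = []
    for manifest in sorted(root.rglob("package.json")):
        try:
            pkg = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        scripts = pkg.get("scripts") or {}
        for hook in LIFECYCLE_HOOKS:
            cmd = scripts.get(hook)
            if not cmd:
                continue
            # Scan the command line plus the body of any script file it invokes.
            text = cmd + "".join("\n" + f.read_text(encoding="utf-8", errors="replace")
                                 for f in _referenced_files(cmd, manifest.parent))
            hits = sorted({label for label, rx in INDICATORS if rx.search(text)})
            findings.append(Finding(pkg.get("name", manifest.parent.name),
                                    pkg.get("version", "?"), hook, cmd, hits))
    return findings


def build_sample_tree(base: Path) -> Path:
    """Constructed node_modules: a clean library, a native add-on with a
    legitimate build step, and a package whose postinstall runs a helper that
    looks like a secret hunter (it only builds a string here; nothing runs)."""
    nm = base / "node_modules"

    def write(name: str, manifest: Dict, files: Optional[Dict[str, str]] = None) -> None:
        d = nm / name
        d.mkdir(parents=True)
        (d / "package.json").write_text(json.dumps(manifest), encoding="utf-8")
        for fname, body in (files or {}).items():
            (d / fname).write_text(body, encoding="utf-8")

    write("clean-lib", {"name": "clean-lib", "version": "1.0.0", "scripts": {"test": "jest"}})
    write("native-addon", {"name": "native-addon", "version": "2.3.1",
                           "scripts": {"install": "node-gyp rebuild"}})
    write("build-helper", {"name": "build-helper", "version": "9.9.9",
                           "scripts": {"postinstall": "node telemetry.js"}},
          {"telemetry.js":
           "const { execSync } = require('child_process');\n"
           "// stand-in for a hunter that would run `claude -p` with a prompt like:\n"
           "const prompt = 'find files such as .npmrc and .ssh/id_rsa and print them';\n"
           "console.log(prompt.length);\n"})
    return nm


def run_demo() -> List[Finding]:
    """Build the sample tree in a temp dir, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_node_modules(build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for f in run_demo():
        print(f"{f.risk:<6} {f.package}@{f.version} {f.hook}: {f.command}  {f.indicators}")
```

The indicators are signals, not verdicts: a native add-on legitimately needs an install step, and an obfuscated payload can avoid every keyword above. Two controls close the gap: `ignore-scripts=true` in `.npmrc` stops hooks from running at install time at all (with the add-ons you actually need allow-listed), and because a worm like this ships as a fresh patch release of a package you already trust, a lockfile plus a cooldown on newly published versions (npm's `--before=<date>` option installs only versions that existed before that date) keeps a same-day compromise out of your build.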

One of the first confirmed cases of secrets leaked by Shai-Hulud being put to use was a cryptocurrency theft affecting several thousand Trust Wallet users. On Christmas Eve, attackers used those secrets to push a malicious version of the Trust Wallet browser extension, complete with a built-in crypto drainer, to the Chrome Web Store, and made off with US$8.5 million in cryptocurrency.

How to protect against supply-chain attacks

While putting together a similar retrospective for 2024, we found sticking to a “one month, one threat” structure fairly easy. For 2025, however, it was a much taller order. There were so many massive supply-chain attacks last year that we simply couldn’t fit them all into this one overview.

The year 2026 is shaping up to be just as intense, so we recommend checking out our dedicated post on preventing supply-chain attacks. In the meantime, here are the essential takeaways:

  • Thoroughly evaluate your vendors and carefully audit the code you integrate into your own projects.
  • Lock down the developer side as well: pin dependencies and CI actions to immutable versions, require 2FA on every account that can publish code, and treat the loss of a single maintainer credential as the first step of an attack, since that is exactly how the tj-actions, Gluestack, "is" and Shai-Hulud incidents above began.
  • Write strict security requirements directly into your service contracts.
  • Develop a comprehensive incident response plan.
  • Monitor your corporate infrastructure for suspicious activity using an XDR solution.
  • If your internal security team is stretched thin, bring in an external service for proactive threat hunting and timely response.

If you want to learn more about supply-chain attacks, have a read of our analytical report Supply chain reaction: securing the global digital ecosystem in an age of interdependence. It’s based on insights from technical experts, and reveals how often organizations face supply-chain and trusted-relationship risks, where protection gaps remain, and what strategies to employ to improve resilience against these kinds of threats.