Executive Summary
In early June 2024, attackers unleashed a self-replicating campaign on the NPM package registry, flooding it with over 150,000 malicious packages. The attack targeted user authentication tokens linked to the tea.xyz protocol, leveraging automation to exploit repository weaknesses and propagate at scale. The malicious packages were largely automated, making detection and removal challenging. The attackers’ actions threatened to undermine trust in the open-source JavaScript ecosystem, potentially exposing developers and end users integrating these packages into their applications to credential theft and further compromise.
This incident underscores the escalating risks in software supply chains, where open-source dependencies serve as fertile ground for large-scale token harvesting and distributed attacks. It highlights a concerning rise in automation-driven supply chain exploits and the urgent need for enhanced package repository security and vetting processes.
Why This Matters Now
The widespread automation of malicious package uploads targeting authentication tokens signals an urgent vulnerability in software supply chains. As organizations increasingly depend on open-source ecosystems, attackers can rapidly scale token theft and infiltration, demanding immediate improvements in dependency security and vendor controls.
Attack Path Analysis
The attacker initiated a large-scale NPM supply chain attack by flooding the registry with malicious self-replicating packages targeting tea.xyz protocol tokens. Once initial compromise was achieved via malicious package publishing, attackers likely escalated privileges to access broader publishing or token scopes. They may have moved laterally by leveraging compromised identities or tokens to spread the attack across accounts and cloud resources. Command and control was maintained through outbound communication channels, orchestrating further package uploads and updates. Exfiltration of sensitive tokens or data occurred via outbound connections. Finally, impact was seen through widespread pollution of the NPM ecosystem and compromised developer environments.
Kill Chain Progression
Initial Compromise
Description
Attackers seeded the NPM registry with over 150,000 malicious packages to compromise developer supply chains targeting tea.xyz protocol tokens.
Related CVEs
CVE-2025-54313
CVSS 7.5Malicious code injection in eslint-config-prettier package allows remote code execution upon installation.
Affected Products:
N/A eslint-config-prettier – 8.10.1, 9.1.1, 10.1.6, 10.1.7
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Supply Chain Compromise: Compromise Software Supply Chain
Scheduled Task/Job: Scheduled Task
Obtain Capabilities: Code Signing Certificates
Credentials from Password Stores
Application Layer Protocol: Web Protocols
Phishing: Spearphishing via Service
Indicator Removal on Host: File Deletion
Data from Cloud Storage
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Prevent Common Software Development Vulnerabilities
Control ID: 6.4.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA (EU Digital Operational Resilience Act) – ICT Third-Party Risk
Control ID: Article 25
CISA Zero Trust Maturity Model 2.0 – Manage and Monitor Software Supply Chain Risks
Control ID: Supply Chain (SC) - Capabilities
NIS2 Directive – Risk Analysis and Security Policies
Control ID: Article 21 (2)(d)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
NPM supply chain attacks directly compromise software development pipelines, requiring enhanced egress security and zero trust segmentation for developer workstations and CI/CD systems.
Information Technology/IT
Token farming campaigns exploit IT infrastructure dependencies on NPM packages, necessitating multicloud visibility and threat detection capabilities across development environments.
Financial Services
Supply chain vulnerabilities in NPM registry threaten financial applications, demanding strict policy enforcement and anomaly detection to prevent malicious package infiltration.
Computer/Network Security
Self-replicating NPM attacks challenge security tools' ability to detect supply chain compromises, requiring advanced threat detection and kubernetes security for containerized applications.
Sources
- 150,000 Packages Flood NPM Registry in Token Farming Campaignhttps://www.darkreading.com/application-security/150000-packages-flood-npm-registry-token-farmingVerified
- Amazon Inspector detects over 150,000 malicious packages linked to token farming campaignhttps://aws.amazon.com/blogs/security/amazon-inspector-detects-over-150000-malicious-packages-linked-to-token-farming-campaign/Verified
- Crims poison 150K+ npm packages with token-farming malwarehttps://www.theregister.com/2025/11/14/selfreplicating_supplychain_attack_poisons_150k/Verified
- Big Red - Indonesian-based Self-replicating Malicious Spam Campaign detected in npmhttps://research.jfrog.com/post/big-red-npm-campaign/Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Zero Trust segmentation, strict egress controls, lateral movement prevention, and comprehensive network visibility would have limited the spread of malicious packages, restricted outbound attacks, and detected anomalous activity across the cloud environment.
Control: Zero Trust Segmentation
Mitigation: Limits attacker reach and reduces risk of malicious package payloads reaching critical cloud workloads.
Control: Multicloud Visibility & Control
Mitigation: Provides rapid detection of anomalous privilege or credential usage.
Control: East-West Traffic Security
Mitigation: Blocks unauthorized intra-cloud and inter-region traffic flows.
Control: Cloud Firewall (ACF)
Mitigation: Prevents unapproved outbound connections to malicious C2 endpoints.
Control: Egress Security & Policy Enforcement
Mitigation: Detects and blocks suspicious data egress channels.
Rapid anomaly detection and automated incident response contain downstream impact.
Impact at a Glance
Affected Business Functions
- Software Development
- Package Management
Estimated downtime: 7 days
Estimated loss: $500,000
Potential exposure of developer credentials and sensitive project data due to compromised npm packages.
Recommended Actions
Key Takeaways & Next Steps
- • Enforce Zero Trust segmentation and least-privilege network access between development, CI/CD, and production environments to minimize blast radius.
- • Implement strict egress filtering for all workloads to limit unauthorized outbound communications and detect anomalous token exfiltration.
- • Deploy cloud-native firewalls and real-time threat detection to identify and block suspicious supply chain activity and C2 channels.
- • Utilize centralized visibility platforms to baseline traffic, alert on credential misuse, and rapidly respond to package-related anomalies.
- • Regularly review and strengthen security policies for third-party and open-source package adoption within CI/CD pipelines.
