Full Report
A deeper look at the Nx supply chain attack: analyzing the performance of AI-powered malware, calculating incident impact, and sharing novel TTPs for further investigation.
Analysis Summary
# Incident Report: Nx Supply Chain Compromise (s1ngularity)
## Executive Summary
The s1ngularity incident involved a supply chain attack where attackers compromised an npm publishing token for `nx` packages via a vulnerable GitHub Action. This allowed them to distribute malicious versions of the package, leading to the large-scale leakage of corporate secrets (including GitHub and npm tokens) across public GitHub repositories. The attack progressed in three distinct phases, culminating in the public exposure of thousands of private repositories before widespread remediation efforts by GitHub stabilized the situation.
## Incident Details
- **Discovery Date:** August 26, 2025 (News first broke)
- **Incident Date:** Began prior to August 26, 2025 (Active attacks lulled around this date)
- **Affected Organization:** Nx package ecosystem users/organizations relying on `nx` npm packages.
- **Sector:** Software Development / Open Source Ecosystem
- **Geography:** Global (Inferred from public GitHub activity)
## Timeline of Events
### Initial Access
- **Date/Time:** Not specified, but occurred before August 26, 2025.
- **Vector:** Compromise of an npm publishing token for `nx` packages.
- **Details:** The token was compromised via a **vulnerable GitHub Action**.
### Lateral Movement & Data Exfiltration (Phases 1 & 2)
- **Phase 1 (Secrets Leak):** Malicious packages executed, extracting environment variables, GitHub tokens, and npm tokens. These were published publicly in designated repositories (`s1ngularity-repository` on victims' profiles). Over 1,700 users had secrets publicly leaked.
- **Phase 2 (Repo Exposure):** Attackers abused the leaked GitHub tokens to forcibly make private repositories public on compromised victim accounts (Organization accounts were disproportionately affected). These repositories were named using the scheme `s1ngularity-repository-#5letters#`. At least 480 accounts were compromised this way.
- **Phase 3:** Starting August 31st, two compromised users uploaded over 500 repositories belonging to a single organization, described as `S1ngularity` and suffixed with `_bak`.
### Detection & Response
- **Date/Time:** Detection reported around August 26-27, 2025.
- **Detection:** Initial detection reported by Wiz Research and general reporting of the compromised `nx` package. Nx also left notifications/issues in Phase 1 created repositories.
- **Response Actions:** GitHub disabled the initial malicious repositories. Later, for Phase 2, GitHub removed the publicly exposed private repositories. GitHub also conducted a major token revocation campaign between August 29th and 30th. Wiz expanded detection capabilities via Wiz Code features.
## Attack Methodology
- **Initial Access:** Compromise of legitimate publishing credentials (npm token) used to inject malicious code into the `nx` package via a vulnerable GitHub Action pipeline.
- **Persistence:** Not explicitly detailed, but likely maintained via leveraging leaked GitHub/npm tokens in subsequent phases.
- **Privilege Escalation:** Not explicitly detailed, but gaining rights to modify package versions and later abuse credentials to make private repos public implies privilege escalation or abuse of existing high-privilege tokens.
- **Defense Evasion:** The malware was described as "AI-powered," though specific evasion techniques beyond persistence were not detailed in the provided summary.
- **Credential Access:** Malware actively extracted environment variables, GitHub tokens, and npm tokens from the compromised host environment.
- **Discovery:** The malware abused **locally configured AI CLIs** to identify additional sensitive files for exfiltration.
- **Lateral Movement:** Achieved by abusing leaked GitHub tokens to propagate the impact by exposing victim repositories (Phase 2).
- **Collection:** Extracted environment variables, tokens, and over 20,000 files across a sample set.
- **Exfiltration:** Published collected secrets directly to publicly accessible GitHub repositories created under victims' accounts.
- **Impact:** Public exposure of secrets/tokens, and forced public exposure of organizational private source code/data.
## Impact Assessment
- **Financial:** Not quantified, but implied significant costs related to incident response and remediation.
- **Data Breach:**
* **Secrets:** Over 2,000 unique, verified secrets leaked publicly (including GitHub/npm tokens).
* **Files:** Over 20,000 files leaked across a sample set of users.
* **Repositories:** At least 6,700 private repositories forcibly made public.
- **Operational:** Significant operational impact due to the immediate compromise of credentials needed for CI/CD and external services. Token validity remained high (nearly 90% valid 24 hours post-removal).
- **Reputational:** Significant blow to trust in the Nx ecosystem and CI/CD practices generally.
## Indicators of Compromise
*(Note: Specific low-level IOCs are omitted or defanged based on standard practice, focusing on behavioral indicators provided in the text)*
- **Network indicators:** Publishing data to newly created GitHub repositories under victim accounts (e.g., `s1ngularity-repository`).
- **File indicators:** Files exfiltrated based on analysis by locally running AI CLIs.
- **Behavioral indicators:** Execution of malicious code derived from installing compromised `nx` npm packages; creation of highly suspicious public GitHub repositories containing secrets.
## Response Actions
- **Containment:** GitHub disabled the newly created malicious repositories immediately upon detection. Tokens that were leaked were eventually revoked by GitHub (95% revocation rate achieved after the campaign).
- **Eradication:** Not explicitly detailed, likely involved mandatory secret rotation organization-wide for users impacted by token leakage.
- **Recovery:** Remediation of tokens and restoration/securing of the Leaked repositories.
## Lessons Learned
- Supply chain attacks leveraging CI/CD tooling (GitHub Actions) remain a highly effective initial access vector.
- Security posture around publishing credentials (npm tokens) is critical, as compromise leads directly to broad distribution of malware.
- The persistence and utility of leaked secrets (e.g., GitHub tokens valid for over 48 hours) highlight the critical need for rapid token revocation campaigns following a breach.
- Artifacts created by malware (like the public repos in Phase 1) can bypass traditional organization log monitoring, requiring broader visibility (e.g., into user public activity).
- The use of local AI CLIs by malware introduces novel reconnaissance methods capable of intelligent file selection beyond standard environment variable dumps.
## Recommendations
- Implement strict control and rotation policies for all publishing and integration tokens (npm, GitHub Personal Access Tokens) used within CI/CD pipelines.
- Regularly review GitHub Actions configurations for vulnerabilities that could lead to credential harvesting or token compromise.
- Deploy continuous monitoring solutions capable of detecting abnormal resource creation and activity on cloud collaboration platforms (like GitHub) by non-standard actors or processes, even if initiated by a compromised legitimate user account.
- Adopt proactive secret scanning across all public/private repositories to mitigate exposure stemming from credential leakage.