>samit_hota
Back to research
Offensive Security

Anatomy of a Modern Supply Chain Attack — And Where Defenses Actually Break

Samit Hota·
#supply-chain#ci-cd#red-team

Supply chain attacks get discussed like a single event — “a package was compromised.” In practice, it’s a chain of individually reasonable trust decisions, and every one of them is a place a defense could have held.

The typical chain

  1. A maintainer’s credentials are phished, or a low-traffic package with publish access is quietly taken over.
  2. A malicious version is published with a payload gated behind an environment check, so it stays dormant in local dev and only activates in CI.
  3. CI pulls the new version automatically because most build systems don’t pin transitive dependencies, only direct ones.
  4. The payload exfiltrates CI secrets — cloud credentials, signing keys, deployment tokens — because build environments are frequently over-permissioned “to make builds work.”
  5. Those credentials are used to push a backdoored build to production, signed with the org’s own legitimate signing key.

Each step, viewed alone, looks like normal software development. That’s what makes this attack class effective — and why it keeps recurring across the industry.

Where the chain actually breaks, if you let it

  • Lockfiles with hash pinning, enforced in CI, not just present in the repo. A lockfile that isn’t verified during install is a suggestion, not a control.
  • Least-privilege CI credentials, scoped per-pipeline and short-lived, so a compromised build step can’t reach production deploy keys it never needed.
  • Build provenance attestation (e.g. SLSA-style) so a signed artifact can be traced back to a specific, reviewed commit — not just “a signing key that exists.”
  • Network egress restrictions on CI runners. Most exfiltration during a build compromise requires an outbound connection the runner never needed for the build itself.

The uncomfortable takeaway

None of these controls are exotic. Most organizations have at least one gap in this list — usually the CI credential scoping, because “just give the pipeline broad access so nothing breaks” is the path of least resistance under a deadline. It’s also exactly the assumption a supply chain attack is built to exploit.

Want a second set of eyes on your security posture?

Let's talk about where your real exposure is.

Book an advisory call