Discussion about this post

User's avatar
Dan Tinsley's avatar

Interesting to see MS Threat Intelligence team publish their own analysis of this (https://www.linkedin.com/posts/simone-pezzoli-emba-29a28014_mitigating-the-axios-npm-supply-chain-compromise-activity-7445374148605960192-bSFd?). They attribute to Sapphire Sleet rather than UNC1069 which is just vendor naming differences but the fact that both Google and Microsoft independently attributed to North Korea within 48 hours reinforces how confident the intelligence community is on this.

Microsoft's write up is technically solid. Everything a security team needs to validate exposure and hunt for follow on activity.

What struck me is the framing. MS writes for the security team. This article was written for the people who sit above and beside the security team. The CFO who has never heard of npm. The board that needs to understand why this is not just another vulnerability advisory. The CTO whose engineering team pulled the dependency without knowing what was in it.

Good to see the major players converging on this one.

Dan Tinsley's avatar

After publishing this a trusted peer pushed back on something worth sharing. I wrote that "there is no human in the loop who understands what was imported or why" in the context of vibe coding. His point that was also true before AI. Developers have always pulled dependencies without reading them. Fair. But here is the distinction that matters. For this specific payload the blast radius depends on where the build runs. A developer laptop with SSH keys and cloud credentials on it is devastating. A sandboxed cloud build environment like Lovable or Bolt has fewer secrets to steal. So the immediate impact is different. But that is this attack. The next one injects malicious code into the built application itself. Then every user of that webapp is compromised regardless of where it was built. The package still gets pulled. The postinstall still executes. And the person building it has absolutely no idea it happened. AI did not create the dependency problem. It removed the last person who might have noticed. And it expanded the attack surface from developers who should know better to anyone with a browser and an idea. The guardrails have not caught up. Love a good debate.

No posts

Ready for more?