GitHub links repo breach to TanStack npm supply-chain attack
Summary
GitHub reports that the attackers who compromised 3,800 internal repositories gained access through a malicious version of the Nx Console VS Code extension. This extension was compromised as part of the recent TanStack npm supply-chain attack.
IFF Assessment
FOE
This article describes a supply-chain attack that led to a breach of internal repositories, indicating a success for threat actors.
Defender Context
This incident highlights the significant risks associated with supply-chain attacks, especially concerning code repositories and development tools. Defenders need to be vigilant about the security of third-party extensions and libraries, implementing strict vetting processes and monitoring for unusual activity within their development environments.