Software supply chain attacks continue to evolve, with threat actors shifting their focus from exploiting individual applications to compromising the trusted systems developers rely on every day. As organizations increasingly depend on open source packages and automated CI/CD pipelines, attackers are finding new ways to inject malicious code into legitimate software distribution channels.
New research from cloud security company Upwind highlights how these attacks are becoming more coordinated and difficult to detect. The company’s latest investigation uncovered a supply chain compromise affecting multiple official AsyncAPI npm packages, revealing an operation that extended beyond a single repository or package and instead targeted multiple publishing pipelines.
A coordinated attack across multiple repositories
According to Upwind’s investigation, the incident was not an isolated case involving one malicious package. Instead, researchers found evidence that attackers compromised multiple components within the AsyncAPI ecosystem.
The investigation confirmed that two separate GitHub repositories had been compromised, with attackers targeting different release branches and abusing different OpenID Connect (OIDC) publishing identities over a relatively short period. Researchers also identified a second independent repository compromise, indicating that attackers successfully gained access to multiple publishing pipelines rather than exploiting a single release process.
The breadth of the activity suggests a coordinated campaign designed to undermine trust in the software supply chain itself rather than simply distributing a malicious package through one compromised repository.
A shift in how malicious code is executed
One of the most significant findings from the investigation was the evolution of the attackers’ techniques.
Traditionally, many npm supply chain attacks have relied on preinstall or postinstall scripts that execute during package installation. Those methods have become increasingly familiar to security teams and are often monitored by security tools focused on package installation events.
In this campaign, however, Upwind observed a different approach.
Rather than relying on installation scripts, the malicious code executed during normal package imports or through alternative execution paths. Because the code ran as part of expected application workflows instead of the installation process, the malicious behavior became significantly harder to identify using traditional monitoring approaches.
Researchers also found that while attackers used multiple execution techniques throughout the campaign, they consistently reused infrastructure and malware patterns across the different compromised repositories and publishing pipelines. This combination of varied execution methods and shared infrastructure suggests an effort to remain effective while avoiding existing detection mechanisms.
Why the compromise matters
The affected packages originated from official publishing channels and appeared legitimate to developers using standard dependency management practices.
As a result, organizations could unknowingly introduce malicious code into both developer workstations and CI/CD environments simply by using trusted package versions during routine development activities.
“This wasn’t just a malicious package – it was a compromise of trust,” said Amiram Shachar, CEO and Co-Founder of Upwind. “Multiple official AsyncAPI packages were published with backdoored code from separate repositories and publishing pipelines, showing that attackers are increasingly targeting the software release process itself.”
The findings reinforce a broader concern facing software development teams: attackers are no longer focused solely on compromising code after it reaches production. Instead, they are increasingly targeting the trusted infrastructure responsible for building, signing, and distributing software before it reaches downstream users.
Recommendations for organizations
Based on its investigation, Upwind recommends that organizations immediately examine their software supply chains to determine whether affected package versions were introduced into development environments.
Among its recommendations, the company advises security teams to verify the exact package versions currently in use instead of assuming newer releases are safe. Organizations should also pin dependencies to verified, trusted versions and review recent dependency updates, lockfiles, and Software Bills of Materials (SBOMs) for unexpected changes.
In addition, developer workstations and CI/CD runners that imported affected packages should be treated as potentially compromised, while any credentials accessible from those environments should be rotated as a precaution.
The growing need for runtime visibility
The investigation illustrates how software supply chain attacks continue to become more sophisticated as attackers shift their attention toward trusted publishing infrastructure instead of individual applications.
According to Upwind, this evolution highlights the importance of runtime visibility and continuous monitoring throughout the software development lifecycle. Detecting malicious behavior only during package installation or through static code analysis may no longer be sufficient when attackers are embedding malicious execution into normal application workflows.
Upwind said it continues to monitor the campaign and is encouraging organizations to review their software supply chain security practices as part of broader efforts to reduce the risk of similar attacks in the future.

