DEMO
You are viewing a demo with synthetic data.

Supply Chain Injection

contained
Attacker Type: HUMAN
Confidence: 65%
Kill Chain: Initial Access
Events: 34
CRS Score: 85
Elapsed: 1.0h

EVENT TIMELINE

[high] 10:00:00 - Suspicious postinstall script in npm dependency
[critical] 10:00:30 - Environment variable exfiltration attempt blocked
[info] 10:01:00 - CIE: Malicious package quarantined

ATTACK NARRATIVE

A compromised npm package dependency was detected during CI/CD pipeline execution. The IaC Agent identified a suspicious postinstall script in a transitive dependency that attempted to exfiltrate environment variables. The package was quarantined before any secrets were exposed. Investigation revealed the package maintainer account was compromised 48 hours ago. All builds using this dependency have been rolled back.

Affected Assets

github-actions-runner-01
npm-registry-cache
ci-secrets-vault

Agent Layers Involved

iaac
app

PREDICTED NEXT MOVES

01 Inject malicious dependency in next CI build
02 Modify GitHub Actions workflow for persistence
03 Exfiltrate CI/CD secrets via build logs

Pre-Blocked Paths

BLOCKED Inject malicious dependency in next CI build
BLOCKED Modify GitHub Actions workflow for persistence
BLOCKED Exfiltrate CI/CD secrets via build logs

COUNTER-ACTIONS EXECUTED

10:01:00 - Quarantined malicious npm package (100%)
10:05:00 - Rolled back 3 affected builds (100%)
10:10:00 - Rotated all CI/CD secrets (100%)