Dissecting NX Supply Chain Attack by Rohit Narayanan M

What happened?
● 1000+ Developer systems compromised
● 2300+ Secrets Leaked
● 10000+ Repositories made public

I am Rohit Narayanan M
● Security Engineer @ Scapia
● 4+ Years in Web security
● CTF player @ team bi0s
● AKA Lu513n

Nx build?
● Widely-used, open-source build system with millions of weekly downloads
● Controls how source code is tested, bundled, and prepared for deployment.
● Operates in privileged environments (developer machines, CI/CD pipelines) with access to all source code, dependencies, and secrets like API keys and authentication tokens, making it a high-value target for credential theft.

How? Vulnerability in GitHub Action

  1. Malicious PR -> GITHUB_TOKEN
     ● Malicious Pull Request
     ● GITHUB_TOKEN leaked
  2. Malicious Commit -> NPM Token
     ● NPM Token leaked
     ● Dispatching publish pipeline
     ● Malicious commit altering publish pipeline
  3. Exfiltrating Secrets
     ● Malicious NPM packages pushed
     ● More than 1200 repos made with exfiltrated secrets
     ● Private repos made public with already exfiltrated tokens

GitHub Action
● Using pull_request_target dispatch
● Checking out the base branch not the main
● Using the pull_request.title directly in run

pull_request_target

pull_request.title
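A way to audit workflows for the pattern on the slides above (a `pull_request_target` trigger with the PR title expanded directly inside `run`), as an added example that is not from the talk or from the Nx repository. The function name and both sample workflows are constructed for illustration; the hardened sample passes the title through an environment variable, so the shell receives it as data instead of script text.

```python
import re

# Pull request fields an outside contributor controls.
UNTRUSTED = re.compile(r"\$\{\{\s*github\.event\.pull_request\.(title|body|head\.ref)\s*\}\}")
RUN = re.compile(r"^(\s*)(-\s+)?run:\s*(.*)$")

def find_injection_risks(workflow_text):
    """Return (line_no, text) for each untrusted expression expanded inside a
    run: script of a workflow that triggers on pull_request_target."""
    if "pull_request_target" not in workflow_text:
        return []          # this audit only covers the privileged trigger
    findings, block_col = [], None
    for no, line in enumerate(workflow_text.splitlines(), 1):
        if block_col is not None:            # inside a "run: |" block scalar
            indent = len(line) - len(line.lstrip())
            if line.strip() and indent <= block_col:
                block_col = None             # dedent: the script has ended
            else:
                if UNTRUSTED.search(line):
                    findings.append((no, line.strip()))
                continue
        m = RUN.match(line)
        if m:
            if m.group(3)[:1] in ("|", ">"):
                block_col = len(m.group(1)) + len(m.group(2) or "")
            elif UNTRUSTED.search(m.group(3)):
                findings.append((no, line.strip()))
    return findings

# Constructed sample workflows (not the Nx workflow itself).
HEADER = """\
on:
  pull_request_target:
jobs:
  validate:
    runs-on: ubuntu-latest
    steps:
      - name: Validate PR title
"""
VULNERABLE = HEADER + """\
        run: |
          echo "Validating: ${{ github.event.pull_request.title }}"
"""
HARDENED = HEADER + """\
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          echo "Validating: $PR_TITLE"
"""
```

Running `find_injection_risks` over every file in `.github/workflows/` flags the vulnerable form and stays silent on the hardened one.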

Malicious PR (POC)
● Dumping the whole memory and searching for the token
● Token only valid for the action time; sleep will help keep the token active

Malicious Commit
● Allowed them to extract the NPM Token to a remote URL
● Use the extracted Token to publish package to NPM

NPM Package published
● Malicious code was added to multiple npm packages
● Code was packed into postinstall script thereby executing upon installation
● Used AI agents if present to extract secrets

Secret extraction methods

Persistence & Extraction

Further Measures by nx
● Migration to Trusted Publishers: long-lived NPM tokens -> Trusted Publishers (uses OIDC authentication).
● Enforced CI/CD and 2FA: All CI pipelines require manual two-factor authentication.
● Enhanced Contributor Vetting: Pipeline runs disabled for all external contributors, manual approval required.

What can we do?
● SBOM: Instantly identify compromised packages.
● Code Signing: Verify the authenticity and integrity of packages and code.
● Short-Lived & Scoped Tokens: Use temporary, narrowly-permissioned tokens to limit an attacker’s access and impact.
● Egress Traffic Visibility: Flag unauthorized data exfiltration to attacker servers.
● SLSA: Secure the end-to-end software supply chain.
● EDR/XDR: Detect malicious runtime activity on endpoints.
● Using NPM’s Trusted Publishers with OIDC authentication

References
● https://nx.dev/blog/s1ngularity-postmortem
● https://www.wiz.io/blog/s1ngularitys-aftermath
● https://github.com/nrwl/nx/security/advisories/GHSA-cxm3-wv7p-598c
● https://github.com/nrwl/nx/commit/3905475cfd0e0ea670e20c6a9eaeb768169dc33d

Thank You