TanStack npm Supply Chain Attack: OpenAI Response
OpenAI is taking a range of actions to protect users following a supply chain attack that compromised the signing keys used to verify that the company’s applications are legitimate.
Users on macOS have to update their OpenAI applications by June 12, after which they will no longer receive updates or support and the service may not function.
Incident Details
The new certificates with the update will help “customers know that software comes from the legitimate developer, OpenAI.” The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies.
OpenAI said in a blog post on Wednesday that two employee devices in its corporate environment were impacted by the attack. The company hired an incident response firm to help investigate and contain the incident.
“We observed activity consistent with the malware’s publicly described behavior, including unauthorized access and credential-focused exfiltration activity, in a limited subset of internal source code repositories to which the two impacted employees had access,” OpenAI said.
“We confirmed that only limited credential material was successfully exfiltrated from these code repositories and that no other information or code was impacted.”
Attack Impact
The source code repositories that were affected by the attack include the company’s iOS, macOS, and Windows products. Users with Windows and iOS apps do not need to take any actions, but macOS users will have to install updates.
OpenAI said it is also coordinating with other platforms to “prevent any unauthorized use of these certificates by stopping new notarizations.”
“We have also reviewed all notarization of software using our previous certificates to confirm no unexpected software signing has occurred with these keys, and validated that our published software did not have unauthorized modifications. We have found no evidence of compromise or risk to existing software installations,” the company said.
TanStack Attack Overview
The attack on TanStack set off alarm bells within the cybersecurity and developer community this week after 84 npm package artifacts were compromised on Sunday. The affected packages were changed to add credential stealers targeting developers.
Several of the packages have over 12 million weekly downloads and are widely used. In its post-mortem, TanStack also warned that the malware not only steals credentials from common locations but also self-propagates, targeting other packages the victim maintains and republishing them with the same malware.
Government and Expert Response
Government officials in the United Kingdom said the malicious packages were uploaded in two phases on April 29 and May 11.
Avital Harel, security research lead at Upwind, told Recorded Future News that at its core, the attack is similar to downloading what appears to be a legitimate software update or tool from an official source, only to discover hidden code inside designed to steal sensitive information like passwords, login credentials and access tokens.
The downstream impact of the incident is significant if attackers gain access to company systems, software publishing accounts, or cloud environments that potentially affect the applications and services millions of people rely on every day, Harel said.
TeamPCP Selling Stolen Data
On Wednesday, the alleged hackers behind the incident, known as TeamPCP, offered for sale stolen internal repositories and source code from Mistral AI, another artificial intelligence company that confirmed it was impacted by the TanStack incident.
A Mistral AI spokesperson told Recorded Future News that a group of hackers “temporarily” compromised one of its codebase management systems on May 12 through a third-party software supply chain attack, contaminating some of the French company’s packages.
“We rapidly neutralized the attack and mitigated the incident. We took the necessary actions to fully secure our infrastructure and support our customers with guidelines. We initiated an extensive forensic investigation in collaboration with competent services and authorities,” the spokesperson said.
“From this investigation, we have concluded that attackers did not access any data beyond certain non-core code repositories. Neither our hosted services, managed user data, nor any of our research and testing environments were compromised.”
Supply Chain Attacks on the Rise
Supply chain attacks have become a popular avenue for hacking groups to compromise large numbers of users and systems because of the now interconnected ecosystem of open-source libraries, package managers, and continuous integration and continuous deployment infrastructure that underpins modern software.
In its blog on Thursday, OpenAI said that after a different supply chain hack in March launched by alleged North Korean hackers, it “accelerated the deployment of specific security controls and technologies to reduce the impact of supply chain attacks such as this one.”
Source: The Record