Description
Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise. Applications often depend on external software to function properly. Popular open source projects that are used as dependencies in many applications, such as pip and NPM packages, may be targeted as a means to add malicious code to users of the dependency.(Citation: Trendmicro NPM Compromise)(Citation: Bitdefender NPM Repositories Compromised 2021)(Citation: MANDVI Malicious npm and PyPI Packages Disguised) This may also include abandoned packages, which in some cases could be re-registered by threat actors after being removed by adversaries.(Citation: The Hacker News PyPi Revival Hijack 2024) Adversaries may also employ "typosquatting" or name-confusion by choosing names similar to existing popular libraries or packages in order to deceive a user.(Citation: Ahmed Backdoors in Python and NPM Packages)(Citation: Meyer PyPI Supply Chain Attack Uncovered)(Citation: Checkmarx-oss-seo)
Additionally, CI/CD pipeline components, such as GitHub Actions, may be targeted in order to gain access to the building, testing, and deployment cycles of an application.(Citation: Unit 42 Palo Alto GitHub Actions Supply Chain Attack 2025) By adding malicious code into a GitHub action, a threat actor may be able to collect runtime credentials (e.g., via Proc Filesystem) or insert further malicious components into the build pipelines for a second-order supply chain compromise.(Citation: OWASP CICD-SEC-4) As GitHub Actions are often dependent on other GitHub Actions, threat actors may be able to infect a large number of repositories via the compromise of a single Action.(Citation: Palo Alto Networks GitHub Actions Worm 2023)
Targeting may be specific to a desired victim set or may be distributed to a broad set of consumers but only move on to additional tactics on specific victims.
Platforms
Mitigations (4)
Limit Software InstallationM1033
Where possible, consider requiring developers to pull from internal repositories containing verified and approved packages rather than from external ones.(Citation: Cider Security Top 10 CICD Security Risks)
Vulnerability ScanningM1016
Continuous monitoring of vulnerability sources and the use of automatic and manual code review tools should also be implemented as well.(Citation: OWASP Top 10)
Update SoftwareM1051
A patch management process should be implemented to check unused dependencies, unmaintained and/or previously vulnerable dependencies, unnecessary features, components, files, and documentation.
Application Developer GuidanceM1013
Application developers should be cautious when selecting third-party libraries to integrate into their application. Additionally, where possible, developers should lock software dependencies to specific versions rather than pulling the latest version on build.(Citation: Cider Security Top 10 CICD Security Risks) GitHub Actions may be pinned to a specific commit hash rather than a tag or branch.(Ci
Associated Software (5)
| ID | Name | Type | Context |
|---|---|---|---|
| S9034 | Tsundere Botnet | Malware | [Tsundere Botnet](https://attack.mitre.org/software/S9034) has used the Node Package Manager (npm) to download malicious packages and to deliver the p... |
| S1246 | BeaverTail | Malware | [BeaverTail](https://attack.mitre.org/software/S1246) has been hosted on code repositories and disseminated to victims through NPM packages.(Citation:... |
| S9008 | Shai-Hulud | Malware | [Shai-Hulud](https://attack.mitre.org/software/S9008) has published itself on compromised code repository maintainers within infected packages in atte... |
| S0658 | XCSSET | Malware | [XCSSET](https://attack.mitre.org/software/S0658) adds malicious code to a host's Xcode projects by enumerating CocoaPods <code>target_integrator.rb</... |
| S9010 | GlassWorm | Malware | [GlassWorm](https://attack.mitre.org/software/S9010) has spread through Visual Studio extensions.(Citation: Koi Glassworm InvisibleCode October 2025)(... |
References
- Asi Greenholts. (2023, September 14). The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree. Retrieved May 22, 2025.
- Darren Meyer. (2025, May 28). PyPI Supply Chain Attack Uncovered: Colorama and Colorizr Name Confusion. Retrieved September 24, 2025.
- Deeba Ahmed. (2025, June 2). Backdoors in Python and NPM Packages Target Windows and Linux. Retrieved September 24, 2025.
- MANDVI. (2025, April 22). Malicious npm and PyPI Packages Disguised as Dev Tools to Steal Credentials. Retrieved September 24, 2025.
- Omer Gilm Aviad Hahami, Asi Greenholts, and Yaron Avital. (2025, March 20). GitHub Actions Supply Chain Attack: A Targeted Attack on Coinbase Expanded to the Widespread tj-actions/changed-files Incident: Threat Assessment . Retrieved May 22, 2025.
- OWASP. (n.d.). CICD-SEC-4: Poisoned Pipeline Execution (PPE). Retrieved May 22, 2025.
- Ravie Lakshmanan. (2024, September 4). Researchers Find Over 22,000 Removed PyPI Packages at Risk of Revival Hijack. Retrieved May 22, 2025.
- Silviu Stahie. (2021, November 8). Popular NPM Repositories Compromised in Man-in-the-Middle Attack. Retrieved May 22, 2025.
- Trendmicro. (2018, November 29). Hacker Infects Node.js Package to Steal from Bitcoin Wallets. Retrieved April 10, 2019.
- Yehuda Gelb. (2024, April 10). New Technique to Trick Developers Detected in an Open Source Supply Chain Attack. Retrieved June 18, 2024.
Frequently Asked Questions
What is T1195.001 (Compromise Software Dependencies and Development Tools)?
T1195.001 is a MITRE ATT&CK technique named 'Compromise Software Dependencies and Development Tools'. It belongs to the Initial Access tactic(s). Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise. Applications often depend on external software...
How can T1195.001 be detected?
Detection of T1195.001 (Compromise Software Dependencies and Development Tools) typically involves monitoring system logs, network traffic, and endpoint telemetry. Use SIEM rules, EDR solutions, and behavioral analytics to identify suspicious activity associated with this technique.
What mitigations exist for T1195.001?
There are 4 documented mitigations for T1195.001. Key mitigations include: Limit Software Installation, Vulnerability Scanning, Update Software, Application Developer Guidance.
Which threat groups use T1195.001?
While specific threat group attribution may vary, this technique has been observed in various real-world attacks. Check the MITRE ATT&CK website for the latest threat intelligence.