securityonline.info 5/30/2026, 3:32:12 AM · external

Fake npm Packages Hit Corporate Builds via Dependency Confusion

Primary source: microsoft.com

Microsoft Threat Intelligence has identified a significant npm dependency confusion attack targeting corporate software development pipelines. The threat actor used multiple fake accounts to publish malicious packages that impersonated legitimate internal corporate namespaces. The packages ran a concealed script during routine npm install runs, giving the attacker reconnaissance capability and an avenue for data theft.

To evade detection, the attacker used techniques such as hijacking version numbers and obfuscating code. Security teams are urged to review their package configurations and block access to the compromised domains to reduce the risk.
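As an added illustration of the configuration review the report recommends (example code written for this page, not Microsoft's or npm's own tooling), the script below audits a package-lock.json for internal-scope packages that resolved from a host other than the private registry or that carry an install-time script, and checks that .npmrc pins the scope to the private registry. The scope "@acme" and the registry host "npm.internal.example" are assumed placeholders.

```javascript
// Added example (not Microsoft's or npm's own code): audit a package-lock.json
// (lockfileVersion 2/3 "packages" map) for dependency-confusion indicators and
// check that .npmrc pins the corporate scope to the private registry.
// Assumed, hypothetical names: scope "@acme", registry host "npm.internal.example".
const INTERNAL_SCOPE = "@acme";
const INTERNAL_REGISTRY = "npm.internal.example";
const hostOf = (url) => { try { return new URL(url).host; } catch (_) { return "unknown"; } };

// Findings: (a) packages under the internal scope that resolved from any host
// other than the private registry, (b) packages that run an install-time script.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.slice(path.lastIndexOf("node_modules/") + 13); // strip nesting prefix
    const host = hostOf(meta.resolved || "");
    if (name.startsWith(INTERNAL_SCOPE + "/") && host !== INTERNAL_REGISTRY) {
      findings.push({ name, version: meta.version, reason: `internal scope resolved from ${host}` });
    }
    if (meta.hasInstallScript) {
      findings.push({ name, version: meta.version, reason: "runs an install-time script" });
    }
  }
  return findings;
}

// True only if .npmrc maps "@acme:registry" to the private registry host.
function npmrcPinsScope(npmrcText) {
  const key = `${INTERNAL_SCOPE}:registry=`;
  const line = npmrcText.split("\n").map((l) => l.trim()).find((l) => l.startsWith(key));
  return line !== undefined && hostOf(line.slice(key.length)) === INTERNAL_REGISTRY;
}

// Constructed sample data (not real packages): one correctly pinned internal package,
// one confused copy at an inflated version with an install script, one public package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "corp-app", version: "1.0.0" },
    "node_modules/@acme/auth-client": { version: "2.3.1",
      resolved: "https://npm.internal.example/@acme/auth-client/-/auth-client-2.3.1.tgz" },
    "node_modules/@acme/build-utils": { version: "99.0.0", hasInstallScript: true,
      resolved: "https://registry.npmjs.org/@acme/build-utils/-/build-utils-99.0.0.tgz" },
    "node_modules/public-helper": { version: "1.3.0",
      resolved: "https://registry.npmjs.org/public-helper/-/public-helper-1.3.0.tgz" },
  },
};
const SAMPLE_NPMRC = "registry=https://registry.npmjs.org/\n@acme:registry=https://npm.internal.example/\n";
console.log(auditLockfile(SAMPLE_LOCK)); // two findings, both for @acme/build-utils
console.log(npmrcPinsScope(SAMPLE_NPMRC)); // true
```

A lockfile entry that passes this audit can still be malicious; the check surfaces the two signals the report describes (wrong registry for an internal name, and an install-time script) so that a reviewer looks at them first.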


Article by CyberSIXT
