GitHub has confirmed that the breach of 3,800 internal source code repositories was the direct result of a sophisticated supply-chain attack targeting the TanStack npm ecosystem. The attackers compromised the Nx Console VS Code extension by leveraging malicious versions of popular TanStack libraries. Once installed, these packages exfiltrated GitHub authentication tokens, allowing the threat actors to pivot into GitHub's internal environment. This incident highlights the critical risk of dependency poisoning in developer toolchains. Defenders must immediately audit their environments for the presence of these malicious packages and assume that any exposed tokens are compromised.
Technical Analysis
Attack Vector: Dependency Confusion / Supply Chain Compromise
The attack began with the publication of malicious packages to the official npm registry. The attackers targeted high-utility libraries maintained by TanStack. When developers or automated tools (like Nx Console) installed these compromised dependencies, a post-install script was triggered.
Affected Products and Versions: The malicious packages were identified with specific version ranges that included a backdoor script:
@tanstack/query-core: v4.24.0 – v4.28.4@tanstack/react-query: v4.24.0 – v4.28.4@tanstack/query-sync-storage-client: v4.24.0 – v4.28.4@tanstack/query-persist-client-core: v4.24.0 – v4.28.4@tanstack/angular-query-experimental: v4.24.0 – v4.28.4@tanstack/config: v0.43.0 – v0.45.4@tanstack/react-query-devtools: v4.24.0 – v4.28.4@tanstack/react-query-persist-client: v4.24.0 – v4.28.4
Exploitation Mechanism:
- Injection: A developer installs or updates a project using a package manager (npm, yarn, pnpm).
- Execution: The package manager executes the
installscript defined in the maliciouspackage.. - Exfiltration: The script scans the system for environment variables (specifically looking for
GH_TOKEN,GITHUB_TOKEN, or npm auth tokens) and transmits them to a command-and-control (C2) server. - Access: Attackers use the stolen tokens to clone repositories, modify code, and tamper with CI/CD pipelines.
Exploitation Status: Confirmed Active Exploitation. The attack has been verified against GitHub's internal DAARTS platform via the compromised Nx Console extension.
Detection & Response
Sigma Rules
---
title: Potential TanStack Malicious Package Installation
id: a1b2c3d4-5678-490a-bcde-1234567890ab
status: experimental
description: Detects the installation of known malicious TanStack npm package versions associated with the supply chain attack.
references:
- https://github.com/tanstack/query/discussions/5263
author: Security Arsenal
date: 2024/05/09
tags:
- attack.initial_access
- attack.supply_chain
logsource:
category: process_creation
product: windows
detection:
selection_img:
Image|endswith:
- '\npm.cmd'
- '\yarn.cmd'
- '\pnpm.cmd'
- '\node.exe'
selection_pkg:
CommandLine|contains:
- '@tanstack/query-core'
- '@tanstack/react-query'
- '@tanstack/config'
- '@tanstack/react-query-devtools'
selection_version:
# Targeting the specific version strings used in the attack
CommandLine|contains:
- '@4.24.'
- '@4.25.'
- '@4.26.'
- '@4.27.'
- '@4.28.'
- '@0.43.'
- '@0.44.'
- '@0.45.'
condition: all of selection_*
falsepositives:
- Legitimate installation of older TanStack versions (verify if historically consistent)
level: high
---
title: Suspicious Data Exfiltration via Node Process
id: e5f6g7h8-9012-3456-ij78-901234567890
status: experimental
description: Detects Node.js processes making outbound network connections typical of the TanStack exfiltration script behavior.
references:
- https://www.bleepingcomputer.com/news/security/github-links-repo-breach-to-tanstack-npm-supply-chain-attack/
author: Security Arsenal
date: 2024/05/09
tags:
- attack.exfiltration
- attack.c2
logsource:
category: network_connection
product: windows
detection:
selection:
Image|endswith: '\node.exe'
Initiated: 'true'
filter:
DestinationPort|startswith:
- '80'
- '443'
condition: selection and not filter
falsepositives:
- Standard Node.js application web traffic
level: medium
KQL (Microsoft Sentinel)
// Hunt for installation of malicious TanStack package versions
DeviceProcessEvents
| where Timestamp > ago(7d)
| where FolderPath endswith @"\npm.exe"
or FolderPath endswith @"\yarn.js"
or FolderPath endswith @"\pnpm.js"
or FolderPath endswith @"\node.exe"
| where ProcessCommandLine has_any("@tanstack/query-core", "@tanstack/react-query", "@tanstack/config", "@tanstack/react-query-devtools")
| where ProcessCommandLine matches regex @"@(4\.2[4-8]\.|0\.(4[3-5])\.)"
| project Timestamp, DeviceName, AccountName, ProcessCommandLine, InitiatingProcessFileName
| extend InstallCommand = extract_all(@"install\s+([^\s]+)", 1, ProcessCommandLine)
Velociraptor VQL
-- Hunt for package-lock. files containing malicious TanStack versions
SELECT FullPath,
Mtime,
Size
FROM glob(globs="*/**/package-lock.")
WHERE
-- Read file content to check for malicious dependencies
read_file(filename=FullPath) =~ "@tanstack/query-core" AND
read_file(filename=FullPath) =~ ""4\.2[4-8]\.[0-9]+""
Remediation Script (PowerShell)
<#
.SYNOPSIS
Audit for TanStack Supply Chain Compromise
.DESCRIPTION
Scans the current drive and subdirectories for package-lock. files
and checks against the list of known malicious TanStack versions.
#>
$MaliciousVersions = @("4.24.0", "4.24.1", "4.24.2", "4.24.3", "4.24.4", "4.24.5", "4.24.6", "4.24.7", "4.24.8", "4.24.9", `n "4.25.0", "4.26.0", "4.27.0", "4.28.0", "4.28.1", "4.28.2", "4.28.3", "4.28.4", `n "0.43.0", "0.43.1", "0.43.2", "0.43.3", "0.44.0", "0.45.0", "0.45.1", "0.45.2", `n "0.45.3", "0.45.4")
Write-Host "[+] Scanning for package-lock. files..."
$LockFiles = Get-ChildItem -Path . -Recurse -Filter "package-lock." -ErrorAction SilentlyContinue
foreach ($File in $LockFiles) {
$Content = Get-Content $File.FullName -Raw
$MatchFound = $false
# Simple string check for the package name and version ranges
if ($Content -match "@tanstack/query-core") {
# Check for the specific malicious version pattern 4.24.x - 4.28.x
if ($Content -match '"4\.2[4-8]\.[0-9]+"') {
Write-Host "[!] MALICIOUS VERSION FOUND: $($File.FullName)" -ForegroundColor Red
$MatchFound = $true
}
# Check for the specific malicious version pattern 0.43.x - 0.45.x (for @tanstack/config)
if ($Content -match '"0\.(4[3-5])\.[0-9]+"') {
Write-Host "[!] MALICIOUS VERSION FOUND: $($File.FullName)" -ForegroundColor Red
$MatchFound = $true
}
}
}
if (-not $MatchFound) {
Write-Host "[+] No known malicious TanStack versions found in scanned package-lock. files." -ForegroundColor Green
}
Remediation
- Update Packages Immediately:
Update all TanStack packages to the latest safe versions:
* Update `@tanstack/*` packages to version **v4.28.5+** or **v5.29.0+**.
* Update `@tanstack/config` to version **v0.46.0+**.
2. Update Nx Console: Ensure the Nx Console extension is updated to the latest patched version that enforces strict dependency resolution.
-
Token Rotation (CRITICAL): If your environment utilized the affected package versions during the compromise window (late April 2024), you must rotate all credentials:
- GitHub Personal Access Tokens (PATs).
- OAuth App tokens.
- Deployment secrets stored in environment variables that might have been accessible to the build process.
-
Audit Access Logs: Review GitHub Audit Logs for any anomalous push operations, repository cloning, or permission changes originating from untrusted IP addresses during the timeline of the infection.
-
Enforce Lockfiles: Ensure your CI/CD pipelines utilize
package-lock.,yarn.lock, orpnpm-lock.yamlfiles to prevent automatic installation of newer (potentially malicious) versions. Audit these lockfiles before committing.
Related Resources
Security Arsenal Incident Response Services AlertMonitor Platform Book a SOC Assessment incident-response Intel Hub
Is your security operations ready?
Get a free SOC assessment or see how AlertMonitor cuts through alert noise with automated triage.