Securing the invisible: building resilient supply chains
Modern software supply chains face growing exposure to hidden risks that can exploit trusted channels. Recent incidents highlight how malicious code can infiltrate popular software libraries undetected. Strengthening resilience calls for both robust technical safeguards and a skilled workforce equipped to detect, respond to, and prevent such threats.
Compromised packages and automatic updates can propagate malware across multiple systems before detection.
Limited visibility is a major risk, since many organisations lack insight into the deeper layers of their supply chain.
Cyber resilience depends on people and processes. Training, cross-team collaboration, and proactive incident response are essential to detect threats early.
The invisible threat
Modern software supply chains have become a prime target for attackers. Unlike traditional breaches that exploit firewalls or endpoints, supply chain attacks work quietly in the background, infiltrating through dependencies that development teams rely on every day.
Recent incidents, such as the npm package attacks, where malicious actors slipped harmful code into widely used libraries, demonstrate how quickly malicious code can spread once a trusted link is exploited. Because these threats hide in everyday processes and tools, they are often invisible until the damage is already done.
Building resilience starts with acknowledging that the greatest risks are not always at the edges of the network, but buried deep within the systems we trust most.
The anatomy of a supply chain attack
Attackers are no longer targeting a single organisation; instead, they exploit trusted channels, such as open-source package managers, to infiltrate hundreds or even thousands of systems at once.
The scavenger campaign¹
One recent example is the scavenger campaign, a supply chain attack that targeted popular JavaScript packages on npm, one of the largest open-source repositories. Attackers launched phishing attacks on package maintainers by spoofing legitimate email addresses and domains—such as using npnjs.org, which mimics npmjs.org. This trick enabled them to hijack maintainer accounts and insert malicious code into widely used software tools, distributing malware for several hours before it was detected and removed.
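The lookalike domain described above (npnjs.org standing in for npmjs.org) is the kind of spoof a mail-filtering or triage rule can catch mechanically. The following is an added example, not code from the article or from npm: it scores sender domains by edit distance against a short trusted list and flags near-misses. The trusted list, the sample addresses and the two-label "base domain" shortcut are constructed assumptions for illustration.

```javascript
// Added example (not from the article): flag e-mail sender domains that are
// close lookalikes of a trusted domain, as in npnjs.org vs npmjs.org.
// TRUSTED_DOMAINS and SAMPLE_SENDERS are constructed for illustration.
const TRUSTED_DOMAINS = ['npmjs.org', 'npmjs.com', 'github.com'];

// Levenshtein edit distance between two strings (insert, delete, substitute).
function editDistance(a, b) {
  const rows = a.length + 1, cols = b.length + 1;
  const d = Array.from({ length: rows }, () => new Array(cols).fill(0));
  for (let i = 0; i < rows; i++) d[i][0] = i;
  for (let j = 0; j < cols; j++) d[0][j] = j;
  for (let i = 1; i < rows; i++) {
    for (let j = 1; j < cols; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[rows - 1][cols - 1];
}

// Registrable part of a host name, approximated as its last two labels
// (assumption: no public-suffix list, so "co.uk"-style suffixes are not handled).
function baseDomain(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Classify a sender domain as 'trusted', 'lookalike' or 'unrelated'.
// A lookalike is within maxDistance edits of a trusted domain but not equal to it.
function classifySender(domain, trusted = TRUSTED_DOMAINS, maxDistance = 2) {
  const base = baseDomain(domain);
  if (trusted.includes(base)) return { verdict: 'trusted', matches: base };
  for (const t of trusted) {
    const distance = editDistance(base, t);
    if (distance > 0 && distance <= maxDistance) {
      return { verdict: 'lookalike', matches: t, distance };
    }
  }
  return { verdict: 'unrelated' };
}

// Constructed sample senders; only the two near-misses should be flagged.
const SAMPLE_SENDERS = [
  'support@npmjs.org', 'security@npnjs.org', 'noreply@github.com', 'billing@nprnjs.org',
];

// Return the addresses whose domain is a lookalike of a trusted domain.
function flagSuspiciousSenders(addresses) {
  return addresses
    .map((addr) => ({ addr, ...classifySender(addr.split('@')[1]) }))
    .filter((r) => r.verdict === 'lookalike');
}
```

Edit distance alone misses long spoofs such as "npmjs-support" style names, so in practice this check complements, rather than replaces, SPF/DKIM/DMARC verification of the sending domain.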
How malicious code stays hidden¹
The campaign spread quietly by exploiting everyday developer habits and gaps in detection. Many teams automatically accept updates to widely used code libraries, so a single compromised update can ripple across countless systems before anyone notices. The code was built to run on all major operating systems and maintain a hidden link to its controllers, yet most malware scanners failed to detect it. That blind spot gave attackers the time they needed to spread further.
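The "automatically accept updates" habit above is visible in a project's manifest: a caret, tilde or wildcard range lets the next published version flow in, and a dependency missing from the lockfile has no pin at all. The following is an added example, not code from the article or from npm: it audits a package.json against a lockfile (npm lockfile v2/v3 layout, where entries are keyed "node_modules/<name>") and reports every dependency that could silently move to a new release. The manifest and lockfile objects are constructed for illustration.

```javascript
// Added example (not from the article): find dependencies whose version range
// accepts new releases automatically, and dependencies that the lockfile does
// not pin at all. SAMPLE_MANIFEST and SAMPLE_LOCKFILE are constructed data.

// An exact version: major.minor.patch with an optional pre-release tag.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?$/;

// A range "floats" when it is anything other than one exact version
// ('^1.3.0', '~1.3.0', '*', 'latest', '>=1', git URLs all float).
function isFloatingRange(range) {
  return !EXACT_VERSION.test(String(range).trim());
}

// Audit dependencies and devDependencies; one finding per risky entry.
function auditDependencies(manifest, lockfile) {
  const findings = [];
  const packages = (lockfile && lockfile.packages) || {};
  for (const section of ['dependencies', 'devDependencies']) {
    for (const [name, range] of Object.entries(manifest[section] || {})) {
      const locked = packages[`node_modules/${name}`];
      if (!locked) {
        // Nothing pins this package: a fresh install takes whatever is newest.
        findings.push({ name, section, range, issue: 'not in lockfile' });
      } else if (isFloatingRange(range)) {
        // Pinned today, but `npm update` or a lockfile refresh will move it.
        findings.push({ name, section, range, issue: 'floating range', locked: locked.version });
      }
    }
  }
  return findings;
}

// Constructed manifest: one floating range, one exact pin, one unlocked dev tool.
const SAMPLE_MANIFEST = {
  dependencies: { 'left-pad-example': '^1.3.0', 'pinned-lib-example': '2.0.1' },
  devDependencies: { 'build-tool-example': '*' },
};

// Constructed lockfile fragment: the dev tool was never locked.
const SAMPLE_LOCKFILE = {
  packages: {
    'node_modules/left-pad-example': { version: '1.3.0' },
    'node_modules/pinned-lib-example': { version: '2.0.1' },
  },
};
```

Running `auditDependencies(SAMPLE_MANIFEST, SAMPLE_LOCKFILE)` yields two findings; a CI gate that fails on any finding, combined with `npm ci` rather than `npm install`, keeps a compromised release from arriving unreviewed.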
Beyond phishing²
The campaign went beyond basic phishing. Some malicious packages hid the locations of the harmful code they delivered by using the Ethereum blockchain, making it hard for standard security checks to spot the threat. Attackers also set up fake GitHub projects that appeared legitimate, with fake contributors and thousands of made-up updates to make them seem trustworthy. When developers used these projects, the harmful code was automatically included, just like any normal software update.
The emerging tactics of cybercriminals¹ ²
Viewed together, these incidents reveal a layered adversary playbook:
Use typosquatting and domain spoofing to deceive developers
Create fake repositories to lend credibility to their malicious code
Leverage blockchain technologies to evade traditional security tools and obscure their activities
Enterprises struggle to defend against such attacks for several reasons:
Many organisations have limited visibility to track dependencies beyond first-tier vendors
Developers, trained to patch quickly, may inadvertently propagate malware without vetting new versions
Vetting processes for incoming code are often inadequate
Why traditional security needs to evolve
Even with advanced security tools, many organisations remain vulnerable because their monitoring is often reactive, tools operate in silos, and vendor management is fragmented. Visibility deep into the supply chain remains limited: the share of companies with clear insight into these hidden layers fell by 7% compared to last year.³ This matters because major disruptions often start in those unseen tiers. Most enterprise setups only detect threats after significant damage has occurred, and once a supply chain disruption hits, it takes companies an average of two weeks to plan and respond — far longer than the typical weekly operational cycles they rely on.³
Managing global operations with clarity
Managing a global supply chain means keeping track of devices, data, and operations across multiple countries and networks—a complex challenge for any organisation. From real-time monitoring and diagnostics to streamlined lifecycle management, enterprises can gain clear visibility into their global deployments, identify operational issues quickly, and respond before small problems escalate.
Singtel CUBΣ simplifies connectivity and security management by breaking down silos with a unified portal to manage a comprehensive suite of services across multiple vendors. This provides a single source of accountability and makes managing enterprise connections easier, giving organisations greater control, visibility, and confidence across their global operations.
Singtel Unified Secure Access Service Edge (SASE) Convergence integrates Software-Defined Wide-Area Networking (SD-WAN) and advanced Secure Service Edge (SSE) solutions from industry leaders into a unified, cloud-based platform. With a single, intuitive dashboard, enterprises can streamline network operations, boost scalability, and enhance security—all while minimising complexity.
Cyber resilience through workforce readiness
Beyond the right tools and technology, securing the software supply chain requires a prepared, vigilant workforce. As the recent attacks have shown, threats can infiltrate trusted channels and remain undetected for weeks, exploiting gaps in processes and visibility.
With 90% of organisations lacking the skilled talent to meet supply chain digitisation goals (an issue unchanged since 2020)³, employees must be trained, equipped, and empowered to identify and respond to threats quickly. Hands-on exercises, real-world simulations, and cross-department collaboration help teams contain risks before they escalate. Singtel’s Cyber Security Institute (CSI) provides tailored programmes — from leadership briefings to incident response drills — helping organisations turn awareness into action and build lasting cyber resilience across their supply chains.
Empower your teams with the tools and training to detect threats early. Explore how Singtel’s Cyber Security Institute can help you build lasting resilience.
CSOonline, Malicious npm packages use Ethereum blockchain for malware delivery, 2025
McKinsey, Supply chains: Still vulnerable, 2024