Likelihood: HIGH
Impact: VERY HIGH
Treatment: MITIGATE
Confidence: Moderate
Likelihood is high because three distinct delivery mechanisms (dependency confusion, typosquatting, compromised publisher account) are simultaneously active and require only a routine npm install to trigger, lowering the exploit barrier to near-zero for any Node.js pipeline that fetches affected packages. Impact is very high because the harvested credentials (AWS, GitHub Actions, HashiCorp Vault, npm publish tokens) provide direct pivot paths to production cloud infrastructure, code repositories, and downstream software supply chains, enabling cascading compromise well beyond the initial install event.
Treatment rationale: Active, multi-vector credential-harvesting at install time with a direct path to cloud infrastructure takeover cannot be accepted or transferred without first closing the exposure; immediate technical controls (package lockfiles, private registry enforcement, secret rotation, CI/CD token scoping) are available and must be applied before residual risk is assessed for transfer or acceptance.
Third-Party / Supply-Chain Risk
Exposure is inherently third-party and supply-chain in nature across multiple trust boundaries:
(1) The compromised @antv npm publisher account means a previously trusted, signed package source is now an active threat vector; any organization consuming @antv-scoped packages inherited that trust relationship without visibility into publisher account compromise.
(2) Dependency confusion attacks target the gap between private internal package registries and the public npm registry, meaning any vendor or outsourced development team that shares a build environment or package manifest with affected internal package names extends the blast radius.
(3) Organizations using GitHub Actions as a shared CI/CD platform face token exfiltration that could traverse organizational boundaries if workflows share secrets across repos or orgs.
(4) Downstream customers of any software built and published from a compromised pipeline face a second-order supply chain risk.
NIST SP 800-161 SCRM controls (supplier vetting, software bill of materials (SBOM) validation, and continuous monitoring of third-party component integrity) are directly applicable.
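Added example (not part of the original assessment): a minimal Node.js audit of a parsed package-lock.json (lockfileVersion 2 or 3) for the lockfile and private-registry controls named in the treatment rationale and the registry gap described in item (2). The scope @acme-internal, the host npm.internal.example, the package name @antv/placeholder-pkg, and the sample lockfile are constructed assumptions; only the @antv scope comes from the page.

```javascript
// Policy values are assumptions for this example; substitute your own.
const POLICY = {
  internalScopes: ['@acme-internal'],   // hypothetical private scope
  privateHost: 'npm.internal.example',  // hypothetical private registry host
  allowedHosts: ['npm.internal.example', 'registry.npmjs.org'],
  reviewScopes: ['@antv'],              // scope the page reports as publisher-compromised
};

// Lockfile v2/v3 key "node_modules/a/node_modules/@s/b" -> "@s/b".
function nameFromKey(key) {
  return key.slice(key.lastIndexOf('node_modules/') + 'node_modules/'.length);
}

function auditLockfile(lock, policy = POLICY) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project, local workspace sources, links and bundled deps.
    if (!key.includes('node_modules/') || entry.link || entry.inBundle) continue;
    const name = nameFromKey(key);
    const scope = name.startsWith('@') ? name.split('/')[0] : null;
    let host = null;
    try { host = new URL(entry.resolved).host; } catch { /* missing or non-URL source */ }
    if (!entry.integrity) findings.push({ name, issue: 'missing-integrity' });
    if (!host || !policy.allowedHosts.includes(host)) {
      findings.push({ name, issue: 'unapproved-source' });
    }
    // Dependency-confusion signal: a private-scope name served by another registry.
    if (policy.internalScopes.includes(scope) && host !== policy.privateHost) {
      findings.push({ name, issue: 'internal-scope-from-foreign-registry' });
    }
    if (policy.reviewScopes.includes(scope)) {
      findings.push({ name, issue: 'review-compromised-publisher-scope' });
    }
  }
  return findings;
}

// Constructed sample lockfile (not real data; integrity values are placeholders).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'app', version: '1.0.0' },
  'node_modules/@acme-internal/auth': { version: '9.9.9', integrity: 'sha512-CONSTRUCTED',
    resolved: 'https://registry.npmjs.org/@acme-internal/auth/-/auth-9.9.9.tgz' },
  'node_modules/@acme-internal/log': { version: '1.2.0', integrity: 'sha512-CONSTRUCTED',
    resolved: 'https://npm.internal.example/@acme-internal/log/-/log-1.2.0.tgz' },
  'node_modules/@antv/placeholder-pkg': { version: '0.0.0', integrity: 'sha512-CONSTRUCTED',
    resolved: 'https://registry.npmjs.org/@antv/placeholder-pkg/-/placeholder-pkg-0.0.0.tgz' },
  'node_modules/left/node_modules/right': { version: '1.0.0', resolved: 'git+ssh://git@host.example/right.git' },
} };
console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Run as a CI gate, a non-empty result should fail the build before any install step executes package lifecycle scripts.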
Loss Exposure (illustrative)
Magnitude: High — illustrative $500K–$5M per exposed organization, scaling with AWS infrastructure footprint, number of affected pipelines, and whether compromised tokens enabled code injection into shipped software
Frequency: For an organization actively consuming npm packages in Node.js CI/CD pipelines without private registry enforcement or lockfile integrity controls, a single exposure event is plausible within the campaign window (May 20–29, 2026); without remediation, recurrence risk remains elevated given the persistence of the compromised @antv publisher vector and ongoing typosquatting package availability
Annualized: Illustrative ALE: if exposure probability for a qualifying organization is estimated at 20–40% over the campaign window and loss magnitude is $500K–$5M, the illustrative annualized figure ranges from $100K–$2M — this range collapses significantly with rapid remediation (lockfile enforcement, secret rotation, registry controls)
Basis: Magnitude driven by: (1) AWS credential theft enabling direct cloud infrastructure access, where remediation costs include IR engagement, cloud forensics, infrastructure audit, and potential data exposure notification; (2) GitHub Actions token theft enabling pipeline backdoor, where remediation expands to full software artifact audit and potential customer notification if poisoned builds were distributed; (3) HashiCorp Vault token theft adding secrets-management rebuild cost; (4) npm publish token theft creating downstream supply-chain liability if attacker published malicious versions under the victim's package identity. Frequency based on: active campaign with low technical barrier (passive install-time trigger), broad npm ecosystem exposure, and the absence of a KEV listing so far, which reduces the likelihood of automated defender response.
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• Theft of AWS credentials and potential exposure of production databases and customer data may invoke breach-notification obligations under applicable state, federal, or international data protection law — verify with counsel.
• Compromise of CI/CD pipelines and downstream software artifacts may constitute a security incident requiring notification under customer contracts, SLAs, or software supply agreements — verify with counsel.
• Credential exfiltration events of this class may trigger cyber-insurance incident-notification obligations and could affect coverage applicability if notification windows are missed — verify with broker and counsel.
• If affected packages were used in software delivered to regulated-industry customers (financial services, healthcare, critical infrastructure), sector-specific incident reporting obligations may apply — verify with counsel.