Likelihood: MODERATE
Impact: HIGH
Treatment: MITIGATE
Confidence: Moderate
Likelihood is moderate: the malicious extension was live for ~11 minutes and exploitation status of stolen credentials remains unconfirmed, but the credential classes stolen (AWS keys, npm OIDC tokens, GitHub tokens) are high-value and routinely weaponized within hours of acquisition, and any organization with an exposed developer must treat credential use as plausible until ruled out. Impact is high because a single compromised developer pipeline token can cascade into unauthorized software releases bearing valid Sigstore provenance signatures, meaning poisoned packages can reach customers and downstream systems with no trust-boundary warning — transforming a developer-machine compromise into a software supply-chain integrity event with operational, regulatory, and reputational consequences.
Treatment rationale: Immediate credential revocation, pipeline audit, and artifact integrity verification are executable controls that directly reduce the primary attack surface — transfer or acceptance are inappropriate given the active downstream propagation risk through already-signed poisoned packages.
Third-Party / Supply-Chain Risk
This item is structurally a third-party supply-chain risk event under NIST SP 800-161: Nrwl (the upstream vendor) was the point of compromise, and the attack propagated through a trusted distribution channel (VS Code Marketplace) that organizations do not control. The secondary layer is npm as a shared platform — stolen OIDC tokens were used to publish to npm with Sigstore-backed provenance, meaning any organization consuming npm packages must treat their dependency tree as a potential downstream vector regardless of whether their own developers were running the malicious extension version. AWS, GitHub, and 1Password are affected as credential-holding third-party platforms. Organizations with developer access to shared AWS accounts or multi-tenant GitHub organizations face lateral exposure beyond the individual developer's workstation.
Loss Exposure (illustrative)
Magnitude: High — illustrative $500K–$5M per exposed organization with confirmed credential misuse; lower end ($50K–$250K) for organizations where exposure is ruled out through rapid audit
Frequency: Single discrete event for organizations exposed during the ~11-minute window; recurrence risk is low for this specific vector once credentials are rotated, but elevated for supply-chain-class attacks broadly
Annualized: Insufficient basis for a defensible ALE given binary exposure profile (either your developers ran v18.95.0 or they did not) and unconfirmed exploitation rate across exposed population
Basis: Loss magnitude derived from cost components specific to this threat class: emergency incident response and forensic triage across developer fleet; credential rotation across AWS, GitHub, npm, and 1Password; pipeline audit and artifact re-publication with clean signing; potential customer notification if poisoned packages reached production; regulatory coordination costs. Higher end reflects scenarios where stolen AWS or GitHub tokens enabled lateral movement or data access before revocation. No third-party loss-cost reports cited — figures are internally derived from component estimation only.
Illustrative estimate — not actuarially derived.
Insurance / Contractual / Legal — Potential Obligations
Potential triggers, not legal determinations. Verify with counsel/broker before acting.
• If developer credentials were used to access systems containing customer PII or regulated data, this may invoke state and federal breach-notification obligations — verify with counsel.
• Unauthorized access to cloud infrastructure (AWS) via stolen keys may constitute a security incident under cyber-insurance policy definitions and could trigger notice obligations to the insurer — verify with broker.
• If poisoned npm packages published using stolen tokens were consumed by customer-facing software, downstream customer contracts with software integrity or security SLA provisions may be implicated — verify with counsel.
• Organizations subject to SOC 2, FedRAMP, or PCI-DSS may have incident-reporting obligations to auditors or assessors if developer pipeline integrity is confirmed compromised — verify with counsel and compliance leads.
• Supply-chain compromise of a signing/publishing workflow may implicate CISA SSDF attestation obligations for federal software suppliers — verify with counsel.
