supplychainattack.orgSupply chain attack incident catalog

Atomic Arch supply chain incidents

1 confirmed incident publicly associated with this group. Attribution reflects what the cited sources state; it is recorded for filtering, not asserted by this site.

containedhighUpdated Jun 13, 2026
400+ AUR Packages Hijacked: What the “Atomic Arch” Campaign Means for Supply-Chain Security
On June 11, 2026, attackers hijacked over 400 packages in the Arch User Repository (AUR), converting them into a malware delivery network. The "Atomic Arch" campaign represents a large-scale compromise of developer accounts or package maintainers within the Arch Linux ecosystem.
Atomic ArchOtherAccount takeoverMalicious maintainer