supplychainattack.org: Supply chain attack incident catalog

IronWorm supply chain incidents

npm infostealer campaign reported in June 2026 that compromised dozens of packages, described in public reporting as a custom-built implant with its own infrastructure, including eBPF-based components and Tor command-and-control.

Also tracked as: IronWorm worm, IronWorm campaign

1 confirmed incident publicly associated with this group. Attribution reflects what the cited sources state; it is recorded for filtering, not asserted by this site.

  1. active, high

    New IronWorm malware hits 36 packages in npm supply-chain attack

    A supply-chain attack infected 36 packages on npm with IronWorm infostealer malware. The attack compromised multiple packages in the Node Package Manager ecosystem, potentially affecting downstream users and applications.

    IronWorm, npm, Compromised package