A supply chain attack targeting ASP.NET web application developers was discovered in February 2026, involving four malicious NuGet packages designed to compromise development environments. The campaign exfiltrates ASP.NET Identity data including user accounts, role assignments, and permission mappings, while also manipulating authorization rules to establish persistent backdoors in victim applications.
The attack chain involved malicious packages in the NuGet package manager that, when installed by developers, executed code to steal sensitive authentication and authorization data. The packages specifically targeted ASP.NET web application infrastructure, compromising the identity management systems and creating unauthorized access pathways through manipulated authorization rules. Socket researchers identified the campaign, but no specific threat actor attribution was made.
No post-incident developments regarding regulatory actions, litigation, ransom payments, or remediation milestones were reported in the available information.
Malicious NuGet packages targeting ASP.NET developers to steal sensitive data and create backdoors
This attack demonstrates critical failures in software supply chain security controls for development environments, specifically inadequate vetting of third-party packages in package repositories. The compromise of ASP.NET Identity systems highlights insufficient runtime monitoring for unauthorized data exfiltration from development and testing environments, while the creation of persistent backdoors through authorization rule manipulation indicates inadequate change control and integrity verification mechanisms for application security configurations.