2026-03-22 | Auto-Generated 2026-03-22 | Oracle-42 Intelligence Research
APT41’s 2026 Campaign: Compromised CI/CD Pipelines in Supply-Chain Attacks Against Semiconductor Firms
Executive Summary: In March 2026, Oracle-42 Intelligence uncovered APT41’s latest campaign targeting semiconductor manufacturers through the exploitation of compromised Continuous Integration/Continuous Deployment (CI/CD) pipelines. Leveraging a multi-stage supply-chain attack vector, the adversary infiltrated development environments via poisoned open-source dependencies, ultimately exfiltrating intellectual property (IP) and sabotaging firmware builds. This campaign underscores the urgent need for zero-trust DevOps practices, real-time dependency monitoring, and automated threat detection in critical infrastructure sectors.
Key Findings
Initial Access: APT41 compromised CI/CD pipelines via poisoned NPM and PyPI packages, mirroring the September 2025 NPM attack but with enhanced evasion techniques.
Lateral Movement: Attackers exploited weak authentication in Jenkins and GitLab instances to pivot into build environments.
Payload Delivery: Malicious firmware images were injected during the build process, evading traditional static analysis tools.
Data Exfiltration: Stolen IP (design schematics, RTL code) was exfiltrated via DNS tunneling and encrypted channels to actor-controlled infrastructure.
Indicators of Compromise (IoCs): Newly observed domains (e.g., npm-registry[.]top, gitlab-assets[.]xyz) and hashes (SHA-256: a1b2c3...d4e5) identified in telemetry.
Campaign Timeline and Infrastructure
APT41’s 2026 campaign follows a meticulously orchestrated timeline:
January 2026: Compromise of 3 open-source maintainers’ accounts via social engineering (phishing + credential harvesting).
February 2026: Deployment of trojanized packages (e.g., @semicon/rtl-toolkit, py-designcore) to NPM/PyPI.
March 2026: Mass exploitation of CI/CD pipelines; malicious builds deployed to production firmware.
Attack Vector Analysis: CI/CD Pipeline Compromise
The core innovation of this campaign lies in its exploitation of CI/CD environments, which are inherently trusted by developers and security teams. APT41’s tactics included:
Dependency Confusion: Poisoned packages with names mimicking internal libraries (e.g., @firm/compiler-utils) were published to public registries.
Pipeline Hijacking: Weakly configured Jenkins/GitLab instances (default credentials, outdated plugins) were exploited to inject malicious scripts into build jobs.
Build Process Tampering: Malicious firmware images were compiled with backdoored firmware loaders, evading code review via obfuscation and encryption.
Unlike traditional supply-chain attacks, which focus on end-user compromise, this campaign targeted the build environment itself—a high-value asset in semiconductor development.
Impact on Semiconductor Firms
The operational and financial consequences of this campaign are severe:
IP Theft: Proprietary RTL code, GDSII layouts, and firmware binaries were exfiltrated, enabling counterfeit chip production or reverse engineering.
Sabotage Risks: Compromised firmware could introduce hardware Trojans, leading to system failures in aerospace, automotive, or medical devices.
Regulatory Exposure: Violations of ITAR, EAR, or GDPR due to unauthorized data exfiltration from regulated environments.
Reputation Damage: Loss of customer trust and market value, as seen in past semiconductor supply-chain breaches (e.g., SolarWinds, Codecov).
Recommended Mitigations
Organizations in the semiconductor supply chain must adopt a zero-trust DevOps model with the following controls:
1. Supply-Chain Security Hardening
Enforce signed commits and immutable artifact repositories (e.g., Artifactory, GitHub Packages).
Deploy Software Bill of Materials (SBOM) generation for all dependencies (SPDX or CycloneDX format).
Use dependency scanning tools (e.g., Snyk, Dependabot, GitHub Advanced Security) to detect malicious packages pre-merge.
Restrict public registry usage; prefer private mirrors with strict version pinning.
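A lockfile check is one way to enforce the private-mirror and pinning controls above and to catch the dependency-confusion pattern described earlier. The following is an added example, not code from the report or from any vendor tool; the mirror hostname, the internal scope set, and the lockfile contents are constructed assumptions.

```python
import json
from urllib.parse import urlparse

# Assumptions made for this example, not values from the report.
PRIVATE_MIRROR = "npm.mirror.corp.example"   # hypothetical private mirror host
INTERNAL_SCOPES = {"@firm"}                  # scopes reserved for internal packages

# Constructed package-lock.json (lockfileVersion 3 layout); hashes are placeholders.
SAMPLE_LOCK = json.dumps({
    "name": "fw-build", "lockfileVersion": 3,
    "packages": {
        "": {"name": "fw-build", "version": "1.0.0"},
        "node_modules/@firm/compiler-utils": {
            "version": "99.0.0",
            "resolved": "https://registry.npmjs.org/@firm/compiler-utils/-/compiler-utils-99.0.0.tgz",
            "integrity": "sha512-PLACEHOLDER"},
        "node_modules/@firm/hdl-lint": {
            "version": "2.3.1",
            "resolved": "https://npm.mirror.corp.example/@firm/hdl-lint/-/hdl-lint-2.3.1.tgz",
            "integrity": "sha512-PLACEHOLDER"},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://npm.mirror.corp.example/left-pad/-/left-pad-1.3.0.tgz"},
    },
})

def audit_lockfile(lock_text):
    """Return (package, reason) pairs for entries that bypass the mirror or lack a hash."""
    findings = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if not path or meta.get("link"):
            continue  # skip the root project and workspace symlinks
        name = path.rsplit("node_modules/", 1)[-1]
        scope = name.split("/")[0] if name.startswith("@") else None
        host = urlparse(meta.get("resolved", "")).hostname
        if host != PRIVATE_MIRROR:
            reason = ("internal scope resolved outside mirror"
                      if scope in INTERNAL_SCOPES else "resolved outside mirror")
            findings.append((name, reason))
        if "integrity" not in meta:
            findings.append((name, "no integrity hash"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}: {reason}")
```

Run as a pre-merge gate, a non-empty result should fail the pipeline before any install step executes.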
2. CI/CD Pipeline Protection
Implement least-privilege access for CI/CD tools (e.g., GitLab CI tokens with 30-day expiry).
Enable pipeline isolation via ephemeral runners (e.g., GitHub Actions self-hosted runners in restricted VPCs).
Deploy runtime application self-protection (RASP) in build environments to detect anomalous script execution.
Monitor for unexpected build artifacts (e.g., unsigned binaries, hidden files in output directories).
3. Firmware Integrity Assurance
Integrate firmware signing with hardware-rooted keys (e.g., HSM-backed signing for RTL-to-GDS flows).
Perform differential analysis of firmware images pre- and post-build to detect tampering.
Use hardware security modules (HSMs) for secure key storage and cryptographic operations.
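The differential analysis recommended above can be made actionable by mapping changed bytes to firmware regions, so that a change in the loader is distinguished from an expected build-stamp change. This is an added example, not code from the report; the flash layout, the allowed-variance set, and both images are constructed, and it assumes the reference image comes from an independent reproducible rebuild of the same source.

```python
# Hypothetical flash layout for this example: (region, start offset, length).
LAYOUT = [("bootloader", 0x0000, 0x1000),
          ("application", 0x1000, 0x6000),
          ("config", 0x7000, 0x1000)]
EXPECTED_VARIANCE = {"config"}  # assumed to hold a build stamp that legitimately changes
BLOCK = 256                     # comparison granularity in bytes

def diff_images(reference, candidate):
    """Map differing blocks to layout regions; returns {region: [(start, end), ...]}."""
    report = {}
    if len(reference) != len(candidate):
        report["<size>"] = [(len(reference), len(candidate))]
    common = min(len(reference), len(candidate))
    for name, start, length in LAYOUT:
        end = min(start + length, common)
        ranges = []
        for off in range(start, end, BLOCK):
            stop = min(off + BLOCK, end)
            if reference[off:stop] == candidate[off:stop]:
                continue
            if ranges and ranges[-1][1] == off:
                ranges[-1] = (ranges[-1][0], stop)  # merge adjacent changed blocks
            else:
                ranges.append((off, stop))
        if ranges:
            report[name] = ranges
    return report

def unexpected_changes(report):
    """Drop regions that are allowed to differ between builds."""
    return {k: v for k, v in report.items() if k not in EXPECTED_VARIANCE}

def sample_images():
    """Constructed 32 KiB images: a reference rebuild and a pipeline output."""
    ref = bytearray((i * 7) & 0xFF for i in range(0x8000))
    cand = bytearray(ref)
    cand[0x0210:0x0218] = b"\xAA" * 8          # constructed change in the bootloader
    cand[0x7004:0x7008] = b"\x65\xFF\x00\x01"  # constructed build-stamp change
    return bytes(ref), bytes(cand)

if __name__ == "__main__":
    ref, cand = sample_images()
    for region, ranges in unexpected_changes(diff_images(ref, cand)).items():
        print(region, [(hex(a), hex(b)) for a, b in ranges])
```

Any region left in the filtered report, or a size mismatch, should block signing until the difference is explained.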
4. Threat Detection and Response
Deploy network detection and response (NDR) to monitor DNS tunneling and lateral movement in DevOps networks.
Enable behavioral analytics in CI/CD logs to flag unusual job durations, unexpected dependencies, or unauthorized Git pushes.
Conduct red team exercises focused on CI/CD compromise scenarios to validate detection coverage.
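For the DNS tunneling monitoring listed above, a simple per-client heuristic over resolver logs looks for many unique, long, high-entropy subdomains under one parent domain. This is an added example, not detection logic from the report; the log format, addresses, domains, and thresholds are constructed assumptions, and the parent domain is approximated as the last two labels rather than derived from the Public Suffix List.

```python
import hashlib
import math
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed resolver log, one '<client> <qtype> <qname>' entry per line."""
    lines = ["10.20.0.15 A registry.npmjs.org", "10.20.0.15 A gitlab.corp.example",
             "10.20.0.16 A gitlab.corp.example", "10.20.0.16 AAAA pypi.org"]
    for i in range(20):  # one build runner emitting long, unique, random-looking labels
        label = hashlib.sha256(str(i).encode()).hexdigest()[:40]
        lines.append(f"10.20.0.15 TXT {label}.cdn-sync.example")
    return lines

def entropy(text):
    """Shannon entropy of the character distribution, in bits per character."""
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())

def find_tunnel_candidates(lines, min_unique=10, min_avg_len=24, min_entropy=3.5):
    """Return (client, parent domain, unique subdomain count) for suspicious pairs."""
    subs = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed entry
        client, _qtype, qname = parts
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain part to analyse
        subs[(client, ".".join(labels[-2:]))].add(".".join(labels[:-2]))
    hits = []
    for (client, parent), names in sorted(subs.items()):
        pooled = "".join(names).replace(".", "")
        avg_len = sum(len(n) for n in names) / len(names)
        if (len(names) >= min_unique and avg_len >= min_avg_len
                and entropy(pooled) >= min_entropy):
            hits.append((client, parent, len(names)))
    return hits

if __name__ == "__main__":
    for client, parent, count in find_tunnel_candidates(build_sample_log()):
        print(f"{client} -> {parent}: {count} unique long high-entropy subdomains")
```

Thresholds need tuning against a baseline of normal build traffic, since CDNs and telemetry services also generate long generated hostnames.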
Future Threat Projections
APT41’s 2026 campaign signals a broader trend: adversaries are increasingly targeting development infrastructure as a primary attack vector. Key predictions for 2026–2027 include:
Rise of AI-powered dependency poisoning, where attackers use LLMs to generate plausible but malicious code snippets.
Exploitation of infrastructure-as-code (IaC) tools (e.g., Terraform, Ansible) to backdoor cloud deployments.
Increased focus on hardware Trojans introduced via compromised EDA toolchains (e.g., Synopsys, Cadence).
Conclusion
APT41’s 2026 campaign represents a paradigm shift in supply-chain attacks, moving from end-user compromise to direct infiltration of the build process. Semiconductor firms must urgently adopt a secure-by-design DevOps model, integrating SBOMs, firmware signing, and zero-trust CI/CD practices. The stakes are existential—not just for individual companies, but for national security and global supply chains.
Oracle-42 Intelligence recommends immediate adoption of the mitigations outlined above, coupled with ongoing threat hunting in CI/CD environments. The window to act is closing; the next victim could be just one poisoned package away.