AWS package backfill attack

Published Sun, May 1st, 2022


Two malicious versions were published of packages that AWS had previously used. The packages were originally authored and maintained by AWS; after their legitimate author removed them, their names became available on the registry again, and the two names were then re-registered and populated with malicious code. Any AWS-deployed software that still depended on these packages would have pulled in the malicious versions, which would have amounted to a dependency confusion attack.
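A defender-side check for this class of problem, added here as an example and not code from the page, from AWS or from Mend: it compares what a lockfile recorded when a dependency was first pinned against the registry's current metadata for that name and flags the signs of a deleted-and-re-registered ("backfilled") package. The `Pin` and `RegistryEntry` shapes are assumptions, and all package names, owners and dates are constructed placeholders.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Pin:
    """What the lockfile recorded when the dependency was first pinned."""
    name: str
    version: str
    pinned_at: datetime
    owners: frozenset[str]

@dataclass(frozen=True)
class RegistryEntry:
    """Current registry metadata for a name (hypothetical shape, not a real registry API)."""
    created_at: datetime        # creation time of the entry that currently holds this name
    owners: frozenset[str]
    versions: frozenset[str]

def backfill_findings(pin: Pin, entry: RegistryEntry | None) -> list[str]:
    """Indicators that a pinned name was removed and re-registered by someone else."""
    if entry is None:
        return ["name is unclaimed on the registry: anyone can register it"]
    findings = []
    if entry.created_at > pin.pinned_at:
        findings.append("registry entry is newer than the pin: name was deleted and re-registered")
    if pin.version not in entry.versions:
        findings.append(f"pinned version {pin.version} is no longer published")
    if entry.owners != pin.owners:
        findings.append(f"owner set changed: {sorted(pin.owners)} -> {sorted(entry.owners)}")
    return findings

def audit(pins: list[Pin], registry: dict[str, RegistryEntry]) -> dict[str, list[str]]:
    """Map each pinned name to its findings; an empty list means no backfill indicator."""
    return {p.name: backfill_findings(p, registry.get(p.name)) for p in pins}

# Constructed sample data (naive UTC dates): one healthy package, one backfilled, one unclaimed.
PINS = [
    Pin("pkg-healthy", "3.0.1", datetime(2021, 6, 1), frozenset({"maintainer-a"})),
    Pin("pkg-backfilled", "1.2.0", datetime(2021, 6, 1), frozenset({"vendor-bot"})),
    Pin("pkg-unclaimed", "0.9.0", datetime(2021, 6, 1), frozenset({"vendor-bot"})),
]
REGISTRY = {
    "pkg-healthy": RegistryEntry(datetime(2019, 1, 5), frozenset({"maintainer-a"}),
                                 frozenset({"3.0.0", "3.0.1", "3.1.0"})),
    # Re-registered after the pin by a different owner, republishing the pinned version number.
    "pkg-backfilled": RegistryEntry(datetime(2022, 4, 20), frozenset({"unknown-user"}),
                                    frozenset({"1.2.0", "99.0.0"})),
}
```

Running `audit(PINS, REGISTRY)` returns no findings for `pkg-healthy`, two for `pkg-backfilled` (newer registry entry, changed owners) and an "unclaimed" finding for `pkg-unclaimed`; the last case is the window in which a backfill can happen at all.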

Affected Services


Tracked CVEs

No tracked CVEs


Disclosure Date
Sun, May 1st, 2022
Exploitability Period
Known ITW Exploitation
Detection Methods
Piercing Index Rating
Discovered by
Mend Diffend