Critical n8n Supply Chain Attack: Malicious npm Community Nodes Stealing OAuth Tokens and Credentials
Jan 13

Executive Summary
A critical supply chain attack has recently targeted the n8n workflow automation platform, exploiting its extensibility and trust in community-contributed nodes. Malicious actors published rogue npm packages masquerading as legitimate n8n community nodes, which, once installed, exfiltrated OAuth tokens and sensitive credentials from affected systems. This attack demonstrates a sophisticated abuse of the open ecosystem underpinning n8n, leveraging the platform’s integration model to compromise enterprise environments. The campaign is ongoing, with new malicious packages surfacing and active credential theft observed in the wild. Organizations using n8n—especially self-hosted deployments—must act immediately to audit, update, and secure their environments.
Threat Actor Profile
The threat actors behind this campaign have demonstrated advanced knowledge of both the n8n platform and the broader npm ecosystem. They have systematically published at least eight malicious packages, each crafted to appear as a legitimate n8n community node. The attackers used pseudonymous handles such as kakashi-hatake, zabuza-momochi, dan_even_segler, hezi109, haggags, vietts_code, and diendh. Their tactics include impersonating popular integrations (e.g., Google Ads, Stripe, Salesforce) to maximize the likelihood of installation and credential harvesting. The campaign’s sophistication, operational security, and rapid iteration suggest a well-resourced group with a deep understanding of supply chain attack vectors, though no specific APT attribution has been made as of this report.
Technical Analysis of Malware/TTPs
The attack leverages the n8n platform’s support for community nodes, which are distributed as npm packages. The malicious packages, such as n8n-nodes-hfgjf-irtuinvcm-lasdqewriit and n8n-nodes-gasdhgfuy-rejerw-ytjsadx, are designed to mimic legitimate integrations. Upon installation, these nodes prompt users to authenticate with third-party services, capturing OAuth tokens and API keys. The malware then decrypts these credentials using n8n’s master key—since community nodes execute with the same privileges as the core platform—and exfiltrates them to attacker-controlled infrastructure via HTTP POST requests or other covert channels.
The malicious code is often obfuscated and embedded within the node’s logic, making detection challenging. The packages exploit the lack of sandboxing in n8n’s community node execution model, granting them unrestricted access to environment variables, the file system, and the credential vault. The attackers have also demonstrated agility, publishing new package versions and variants as previous ones are discovered and removed.
MITRE ATT&CK mapping for this campaign includes T1195.002 (Supply Chain Compromise: Compromise Software Dependencies and Development Tools), T1552.001 (Unsecured Credentials: Credentials In Files), T1041 (Exfiltration Over C2 Channel), and T1059.007 (Command and Scripting Interpreter: JavaScript).
Exploitation in the Wild
Active exploitation has been confirmed, with malicious packages downloaded thousands of times from the npm registry. The campaign is ongoing, with new variants appearing as recently as hours before the latest public advisories. Victims report unauthorized access to integrated services such as Google Ads, Stripe, and Salesforce, indicating successful credential theft and subsequent abuse. The lack of sandboxing in n8n’s community node execution means that once a malicious node is installed, it can persistently harvest credentials and exfiltrate data without detection by the platform itself.
Network telemetry from compromised environments shows outbound connections from n8n instances to unfamiliar domains and IP addresses, correlating with workflow execution involving the malicious nodes. The attack has affected organizations across multiple sectors, with a focus on those leveraging n8n for business process automation and integration with cloud services.
Victimology and Targeting
The primary targets are organizations running self-hosted instances of n8n versions 1.65.0 through 1.120.4, as these versions are vulnerable to the attack vector described. Victims include enterprises and technology companies that rely on n8n for automating workflows involving sensitive data and third-party integrations. The attackers have focused on nodes that integrate with high-value services, maximizing the impact of stolen OAuth tokens and API keys. Cloud-hosted n8n instances have been automatically updated and are not affected, but any self-hosted deployment that has installed community nodes from npm is at risk.
Mitigation and Countermeasures
Immediate action is required to mitigate this threat. Organizations should disable community node installation by setting the environment variable N8N_COMMUNITY_PACKAGES_ENABLED=false on all self-hosted n8n instances. A comprehensive audit of all installed community nodes is essential; any package matching the indicators of compromise (see below) or not explicitly verified as safe should be removed. Outbound network traffic from n8n servers should be monitored for connections to unknown or suspicious endpoints, particularly during workflow execution.
All OAuth tokens, API keys, and credentials stored in affected n8n instances must be rotated, as compromise should be assumed. Organizations are strongly advised to use only official n8n integrations for workflows involving sensitive data. Upgrading to n8n version 1.121.0 or later, or any 2.x release, is critical, as these versions are not affected by the vulnerability. Regularly review and update dependency management policies to minimize exposure to supply chain attacks.
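The audit steps above can be scripted. The following helper is an added example, not code from Rescana or the n8n project: it checks the N8N_COMMUNITY_PACKAGES_ENABLED kill switch, the affected version range, and the installed community node names against the two packages named in this advisory plus a locally maintained allowlist. The sample input is constructed; on a real instance, feed it the `dependencies` map of the package.json that n8n keeps for community nodes and the output of `n8n --version`.

```javascript
// Added audit helper (not n8n project code). Checks the three conditions
// the advisory calls out: kill switch off, affected version, rogue packages.

// Package names the advisory identifies as malicious.
const KNOWN_MALICIOUS = new Set([
  'n8n-nodes-hfgjf-irtuinvcm-lasdqewriit',
  'n8n-nodes-gasdhgfuy-rejerw-ytjsadx',
]);

// Compare two dotted version strings numerically: returns -1, 0 or 1.
function cmpVersion(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0, y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// 1.65.0 through 1.120.4 is the affected range stated in the advisory;
// 1.121.0 and later, and any 2.x release, are not affected.
function isAffectedVersion(v) {
  return cmpVersion(v, '1.65.0') >= 0 && cmpVersion(v, '1.120.4') <= 0;
}

// env: process.env-like object; version: n8n version string;
// dependencies: "dependencies" map of the community-nodes package.json;
// allowlist: Set of package names your team has explicitly vetted.
function auditCommunityNodes({ env, version, dependencies, allowlist }) {
  const findings = [];
  if (env.N8N_COMMUNITY_PACKAGES_ENABLED !== 'false') {
    findings.push('ENABLED: set N8N_COMMUNITY_PACKAGES_ENABLED=false');
  }
  if (isAffectedVersion(version)) {
    findings.push(`VERSION ${version}: upgrade to 1.121.0 or later, or 2.x`);
  }
  for (const name of Object.keys(dependencies || {})) {
    if (KNOWN_MALICIOUS.has(name)) findings.push(`REMOVE ${name}: named in advisory`);
    else if (!allowlist.has(name)) findings.push(`REVIEW ${name}: not on vetted allowlist`);
  }
  return findings;
}

// Constructed sample input standing in for a real self-hosted instance.
const sample = {
  env: { N8N_COMMUNITY_PACKAGES_ENABLED: 'true' },
  version: '1.100.2',
  dependencies: {
    'n8n-nodes-gasdhgfuy-rejerw-ytjsadx': '1.0.3', // named in the advisory
    'n8n-nodes-example-vetted': '2.1.0',           // hypothetical, on allowlist
    'n8n-nodes-unknown': '0.1.0',                  // hypothetical, unreviewed
  },
  allowlist: new Set(['n8n-nodes-example-vetted']),
};
auditCommunityNodes(sample).forEach((f) => console.log(f));
```

Every REMOVE or REVIEW finding should be followed by credential rotation for that instance, since the advisory says compromise must be assumed once a rogue node has run.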
About Rescana
Rescana is a leader in third-party risk management (TPRM), providing organizations with a comprehensive platform to identify, assess, and mitigate cyber risks across their digital supply chain. Our advanced analytics and continuous monitoring empower security teams to proactively defend against emerging threats and ensure the resilience of critical business operations. For more information or to discuss your organization’s security posture, we are happy to answer questions at ops@rescana.com.