Amazon AWS Q Supply Chain Incident

It wasn't a misconfigured S3 bucket. It wasn't an IAM policy gone rogue. This time, AWS's own developer tools almost became a cloud-killer.
Overview
Date Discovered: July 2025
Affected Tool: Amazon Q Developer Extension for VS Code
Malicious Version: v1.84
Nature of Attack: Supply-chain compromise via a malicious pull request.
Impact: Potential deletion of local project files and AWS resources through destructive API calls.
Status: AWS silently patched in v1.85, no CVE assigned, no public changelog.
Risk Level: High - direct, authenticated access to cloud resources via developer credentials.
Threat Actor Motive
The likely motives here:
Destruction: Wiping out developer projects and AWS resources.
Disruption: Halting cloud application development pipelines.
Testing the Waters: Gauging AWS supply-chain defence gaps for future, larger campaigns.
Supply-chain compromises like this are gold for attackers because they weaponize trust. Instead of breaking into your cloud from the outside, they sneak in through your own tools.
Attack Chain

Codebase Compromise: Attacker submits a malicious PR that seems innocuous.
Release Packaging: The PR is merged, bundled into the VS Code extension, and uploaded to the marketplace.
Developer Update: Developers update to v1.84, trusting the source.
Malicious Prompt: The extension suggests running destructive commands:
Local file deletion
AWS API calls to remove S3 buckets, EC2 instances, and IAM roles.
Execution & Impact: If accepted, commands run with the developer's AWS credentials - meaning full account-level access depending on IAM policies.
CLI Log Snippet Example:
Here's what a CloudTrail log might reveal if the malicious extension was executed:
And for S3 bucket deletion:
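The log snippets the page refers to are not reproduced here. What follows is an added example, not code from AWS or from this page: it takes CloudTrail records in their standard JSON layout (constructed sample records, with made-up account id, ARNs and resource names) and flags the Delete* and Terminate* calls made inside a given time window, which is the audit the Mitigation & Response section asks for. The window bounds are placeholders and should be set to when v1.84 was actually installed on each machine.

```python
"""Added example: scan CloudTrail records for destructive API calls
(Delete*/Terminate*) made while a suspect tool version was installed.
Not code from AWS or from the page; the sample records are constructed."""
import fnmatch
import json
from collections import Counter
from datetime import datetime, timezone

# The page's mitigation advice: look for Delete* and Terminate* calls.
DESTRUCTIVE_PATTERNS = ("Delete*", "Terminate*")

# Placeholder window (assumption): replace with the dates v1.84 was installed.
WINDOW_START = datetime(2025, 7, 1, tzinfo=timezone.utc)
WINDOW_END = datetime(2025, 7, 31, 23, 59, 59, tzinfo=timezone.utc)

# Constructed sample records in CloudTrail's JSON layout. Account id, ARNs,
# bucket, role and instance ids are made up for this example.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-07-15T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-alice"},
     "requestParameters": {"bucketName": "example-app-assets"}},
    {"eventTime": "2025-07-15T10:02:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}}},
    {"eventTime": "2025-07-15T10:03:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeleteRole",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-alice"},
     "requestParameters": {"roleName": "app-deploy-role"}},
    {"eventTime": "2025-07-15T11:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets",  # benign read call: must not be flagged
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/dev-alice"},
     "requestParameters": None},
    {"eventTime": "2025-06-02T09:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances",  # destructive, but outside the window
     "userIdentity": {"arn": "arn:aws:iam::123456789012:role/ci-runner"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0fedcba9876543210"}]}}},
]})


def parse_event_time(ts: str) -> datetime:
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing 'Z'."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_destructive(event_name: str) -> bool:
    """True for event names matching any Delete*/Terminate* pattern."""
    return any(fnmatch.fnmatchcase(event_name, p) for p in DESTRUCTIVE_PATTERNS)


def summarize_target(params) -> str:
    """Pull the most useful resource identifier out of requestParameters."""
    if not params:
        return ""
    for key in ("bucketName", "roleName", "userName", "policyArn"):
        if key in params:
            return params[key]
    items = params.get("instancesSet", {}).get("items", [])
    if items:
        return ",".join(i.get("instanceId", "?") for i in items)
    return json.dumps(params, sort_keys=True)


def find_destructive_calls(log_text: str, start: datetime, end: datetime) -> list:
    """Return destructive calls inside [start, end], oldest first."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        when = parse_event_time(rec["eventTime"])
        if not (start <= when <= end) or not is_destructive(rec.get("eventName", "")):
            continue
        hits.append({
            "time": rec["eventTime"],
            "service": rec.get("eventSource", ""),
            "action": rec["eventName"],
            "principal": rec.get("userIdentity", {}).get("arn", "unknown"),
            "target": summarize_target(rec.get("requestParameters")),
        })
    return sorted(hits, key=lambda h: h["time"])


def principals_by_count(hits: list) -> Counter:
    """Which identities made the destructive calls; drives credential rotation."""
    return Counter(h["principal"] for h in hits)


if __name__ == "__main__":
    found = find_destructive_calls(SAMPLE_LOG, WINDOW_START, WINDOW_END)
    for h in found:
        print(f'{h["time"]}  {h["action"]:<20} {h["target"]:<22} by {h["principal"]}')
    print("principals to rotate:", dict(principals_by_count(found)))
```

Two caveats when running this against a real trail: a CloudTrail log file holds one `Records` array per delivered file, so loop over every file in the window; and bucket-level calls such as DeleteBucket are management events that CloudTrail records by default, whereas object-level calls such as DeleteObject are data events that only appear if data-event logging was enabled for the bucket, so an empty result for Delete* does not prove no objects were removed.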

The 3Y's Framework
Why it happened
Lack of granular review in the Amazon Q Developer Extension codebase.
Over trust in first-party tooling.
Absence of automated supply-chain integrity checks.
Why it matters
Tooling vulnerabilities can bypass perimeter security entirely.
Developers often have over-privileged IAM roles.
Cloud environments can be destroyed without breaching the network first.
Why you should care
Even "official" tools are not immune to compromise.
Your CI/CD pipeline and developers' laptops are part of your attack surface.
A single malicious update could trigger irreversible resource loss.
Mitigation & Response
Immediate Patch: Upgrade to v1.85 or later.
Audit Logs: Search CloudTrail for Delete* and Terminate* API calls within the timeframe v1.84 was active.
Credential Rotation: Replace any locally stored AWS keys on developer machines.
IAM Tightening: Apply least-privilege permissions; avoid full admin for dev accounts.
Pipeline Controls: Pin extension versions in CI/CD; disable auto-updates without review.
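The attack chain only works as described because the developer's credentials are allowed to make the destructive calls in the first place. The following is an added example, not a policy or code from AWS or from this page, of the IAM Tightening step: a full-admin policy (the weak setting) beside a developer baseline that keeps broad day-to-day access but adds an explicit Deny for the destructive calls, together with a deliberately small evaluator that shows why the Deny holds even though the Allow grants s3:* and ec2:*. The policy contents are an assumption about a reasonable developer baseline; the evaluator ignores Resource, Condition and NotAction, so it illustrates the precedence rule rather than replacing the IAM policy simulator.

```python
"""Added example: a least-privilege guardrail for developer identities and a
minimal evaluator showing that an explicit Deny overrides any Allow.
Illustrative code, not AWS's policy engine and not a policy from the page."""
import fnmatch

# The weak setting the page warns about: full admin on a developer account.
FULL_ADMIN = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllTheThings", "Effect": "Allow",
                   "Action": "*", "Resource": "*"}],
}

# Assumed developer baseline: broad build/test access, but the destructive
# calls from the attack chain are explicitly denied. A document like this can
# be attached as an identity policy, a permissions boundary, or (Deny-only) as
# an SCP so that nothing run under developer credentials can undo it.
DEVELOPER_GUARDRAIL = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevBaseline", "Effect": "Allow",
         "Action": ["s3:*", "ec2:*", "iam:Get*", "iam:List*"],
         "Resource": "*"},
        {"Sid": "DenyDestructiveFromDevCreds", "Effect": "Deny",
         "Action": ["s3:DeleteBucket", "s3:DeleteObject",
                    "ec2:TerminateInstances", "iam:Delete*"],
         "Resource": "*"},
    ],
}

# Calls from the page's attack chain, plus two more of the same kind.
DESTRUCTIVE_ACTIONS = ["s3:DeleteBucket", "s3:DeleteObject",
                       "ec2:TerminateInstances", "iam:DeleteRole", "iam:DeleteUser"]


def _as_list(value):
    """IAM allows Action to be a single string or a list."""
    return value if isinstance(value, list) else [value]


def action_matches(pattern: str, action: str) -> bool:
    """IAM action matching is case-insensitive and supports * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def evaluate(policy: dict, action: str) -> str:
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one action.

    Simplified on purpose: Resource, Condition and NotAction are ignored.
    The rule that matters here is kept: an explicit Deny wins regardless of
    statement order, and with no matching statement the result is implicit deny.
    """
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        patterns = _as_list(stmt.get("Action", []))
        if any(action_matches(p, action) for p in patterns):
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


def still_allowed(policy: dict, actions=tuple(DESTRUCTIVE_ACTIONS)) -> list:
    """Destructive actions a policy would let developer credentials perform."""
    return [a for a in actions if evaluate(policy, a) == "Allow"]


if __name__ == "__main__":
    for name, policy in (("FULL_ADMIN", FULL_ADMIN), ("DEVELOPER_GUARDRAIL", DEVELOPER_GUARDRAIL)):
        print(f"{name}: destructive calls still allowed -> {still_allowed(policy)}")
    for action in ("s3:GetObject", "ec2:RunInstances", "ec2:TerminateInstances", "iam:CreateRole"):
        print(f"  {action:<24} {evaluate(DEVELOPER_GUARDRAIL, action)}")
```

Run `still_allowed` over the policies actually attached to developer users and roles; any non-empty result is a call that a compromised extension could make with that developer's keys. Destructive operations that a team legitimately needs belong with a CI role that is assumed only by the pipeline, not with the long-lived keys on a laptop.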
In cloud security, your perimeter isn't just your VPC - it's your pipeline. Guard your tools like you guard your production buckets.