PyPI attack: Targeting of repository 'shows no sign of stopping'

PyPI: Program code on computer display in magnifying glass
(Image credit: Getty Images)

Cyber security experts have warned that the targeting of the Python Package Index (PyPI) repository is likely to continue given its popularity and potential to cause massive disruption.

PyPI has been targeted numerous times in the past year and has been described as a “highly lucrative target” for cyber criminals.

The repository is the official package index for the Python programming language - the most popular language according to the TIOBE index.

"The comparative naivety of the average user, combined with its prolific use, has led to an attacker's dream,” said Liam Follin, CHECK team leader and consultant at Pentest People, to ITPro.

“If you download and run a Python package, you’re running Python code on your own machine. If, just by publishing a package, you could compromise a large number of machines, it is easy to see why an attacker salivates at the idea.”

Following the attack on PyPI over the weekend, security experts have called on the open source community to “develop new infrastructure and invest more in sharing attack data”.

PyPI attack: What happened?

Registration for new users and project packages on the PyPI index was temporarily blocked over the weekend due to a high volume of “malicious activity”. 

In a notice to users, maintainers of the repository said they had detected a significant volume of malicious projects and users being created on the repository, prompting the strict response. 


Red whitepaper cover with title and logo

(Image credit: Trend Micro)

Uncovering the ransomware threat from global supply chains 

Everything is connected


The outage lasted for nearly 29 hours and appears to have been exacerbated by the fact that some admins were on leave for the weekend, the status report indicated. 

“New user and new project name registration on PyPI is temporarily suspended,” admins said. “The volume of malicious users and malicious projects being created on the index in the past week has outpaced our ability to respond to it in a timely fashion, especially with multiple PyPI administrators on leave.”

“While we re-group over the weekend, new user and new project registration is temporarily suspended.”

While exact details on the incident or the threat actors involved are yet to be disclosed, there are indications that the attack was automated.

Growing open source threats

Researchers at Checkmarx warned that the PyPI attack bears similarities to a host of attacks on open source registries in recent years, and is an issue that has grown in both frequency and intensity. 

In August last year, PyPI admins issued a warning over a sophisticated phishing campaign that aimed to steal credentials from package developers

The JuiceLedger phishing campaign against PyPI contributors successfully compromised a “number of legitimate packages”, researchers at Sentinel Labs revealed at the time. 

“In the past few months, we have witnessed actors publishing overwhelming amounts of malicious packages in several open source registries,” said Tzachi ‘Zack’ Zornstain, head of software supply chain at Checkmarx.

“Among these is the NPM incident early last month that flooded the JavaScript package manager and caused a sporadic denial of service. Late last year, we saw a similar incident on the Nuget package manager, which included over 140,000 malicious packages.”

Understanding threat actors key to open source safety

Checkmarx noted that this type of abuse “isn’t specific to PyPI” and will require more concise communication across the open source community to mitigate growing threats. 

“We must change the mindset from detecting attacks to identifying attackers,” Zornstain said. 

“Only by understanding the attackers’ TTPs and raising the bar will we succeed in keeping the open source community safe. This will require the open source ecosystem to develop new infrastructure and invest more in sharing attack data,” he added.

Follin suggested that the very nature of the PyPI repository makes it difficult to proactively mitigate threats, however. 

“It’s very difficult,” he told ITPro. “PyPI is run by a charity, the Python Foundation, which operates with limited funds. The repository is effectively built on trust, and unfortunately, trust is often misplaced in today's world.”

“In effect, it is down to the end user to ensure the PyPI package they are downloading isn't malicious. At the end of the day, there is only so much The Python Foundation can do to keep things safe.”

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at, or on Twitter and LinkedIn.