Mini Shai Hulud Supply Chain Attack (Updated 30 Apr)

Advisory
April 30, 2026
Kudelski Security Team

Summary

A sophisticated supply chain attack, dubbed "Mini Shai Hulud", has been attributed to the threat actor group TeamPCP. The operation compromises SAP-related npm packages by injecting malicious preinstall scripts. Its goal is to harvest developer and CI/CD secrets from platforms such as GitHub, npm, and the major cloud providers, with exfiltration occurring via attacker-controlled GitHub repositories.

Update 30 April: Campaign Expansion

The campaign has expanded beyond the initial SAP package ecosystem to compromise high-profile packages in the PyPI (lightning aka PyTorch Lightning) and npm (intercom-client) registries. The threat actors have shifted tactics to leverage automated CI/CD workflows and compromised maintainer accounts to distribute malicious versions, indicating a highly coordinated and automated propagation strategy.

Affected Systems and/or Applications

The attack targets specific npm packages within the SAP ecosystem, including:

  • @cap-js/sqlite - v2.2.2
  • @cap-js/postgres - v2.2.2
  • @cap-js/db-service - v2.10.1
  • mbt - v1.2.48

These packages have been modified to include malicious preinstall scripts that execute during the npm install process.

Update 30 April: Campaign Expansion

  • PyPI Packages:
    • lightning (PyTorch Lightning) versions 2.6.2 and 2.6.3
  • npm Packages:
    • intercom-client version 7.0.4

Technical Details

The attack begins with the execution of a setup.mjs script, which downloads the Bun runtime and executes an obfuscated payload (execution.js). This payload acts as a credential stealer and propagation framework, targeting developer environments and CI/CD pipelines. It collects sensitive data, including:

  • GitHub tokens
  • npm credentials
  • Cloud secrets (AWS, Azure, GCP)
  • Kubernetes tokens
  • GitHub Actions secrets

Exfiltration is conducted via public GitHub repositories using encrypted payloads. The malware includes logic to propagate to additional repositories and package distributions. Notably, the operation employs a system check to terminate if the compromised machine is configured for the Russian language, ensuring no data is exfiltrated from Russian-speaking systems.

The attack also introduces browser credential theft capabilities, targeting multiple browsers such as Chrome, Safari, Edge, Brave, and Chromium.

Update 30 April:

  • Execution Chain in PyPI: The compromised lightning package includes a hidden _runtime directory containing a downloader and an obfuscated JavaScript payload. A Python script (start.py) automatically executes upon module import, downloading the Bun runtime and running an 11 MB obfuscated payload (router_runtime.js) designed for comprehensive credential theft.
  • npm Propagation: The malware modifies local npm packages by injecting a postinstall hook into the package.json file, increments the patch version number, and repacks the .tgz tarballs. If a developer inadvertently publishes these tampered packages, the malware propagates to downstream systems.

Mitigation

Security teams should take the following steps to mitigate the impact of this attack:

  1. Identify Exposure: Search environments, lockfiles, artifact stores, and CI logs for affected package versions and malicious files (setup.mjs, execution.js).
  2. Rotate Credentials: If exposure is suspected, immediately rotate GitHub tokens, npm tokens, cloud credentials, Kubernetes tokens, and CI/CD secrets.
  3. Audit GitHub Activity: Look for suspicious commits, newly created repositories, or indicators such as the propagation keyword and unusual commit authors.
  4. Monitor for Indicators of Compromise (IoCs): Utilize the provided file hashes to detect compromised files within your environment.

Update 30 April: Immediate Remediation

  1. Block and Remove Malicious Versions: Explicitly block lightning versions 2.6.2 and 2.6.3, as well as intercom-client version 7.0.4. Remove these packages from all developer systems and CI/CD caches if already installed.
  2. Downgrade to Clean Releases: Revert to the last known clean versions at the time of writing, lightning 2.6.1 and/or intercom-client 7.0.3, to restore functionality without the malicious payload.
  3. Enforce Branch Protection and Commit Verification: Implement strict branch protection rules requiring pull request reviews and status checks. Enforce commit signature verification (GPG/SSH) to neutralize AI impersonation tactics and detect unauthorized commits.
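As an added triage script (not part of the original advisory), covering the "Identify Exposure" step above and the 30 April version blocklist: it scans a package-lock.json and a requirements.txt for the affected versions listed in this advisory, and flags package.json lifecycle hooks that invoke setup.mjs or the Bun runtime, the propagation mechanism described in the technical details. The sample inputs are constructed, and the hook pattern is an assumed heuristic for triage rather than an indicator taken from the advisory.

```python
import json
import re

# Affected versions exactly as listed in this advisory (npm and PyPI).
AFFECTED_NPM = {
    "@cap-js/sqlite": {"2.2.2"}, "@cap-js/postgres": {"2.2.2"},
    "@cap-js/db-service": {"2.10.1"}, "mbt": {"1.2.48"}, "intercom-client": {"7.0.4"},
}
AFFECTED_PYPI = {"lightning": {"2.6.2", "2.6.3"}}
# Assumed triage heuristic: install-time hooks that run setup.mjs or Bun, as described above.
HOOK_RE = re.compile(r"setup\.mjs|\bbun\b", re.IGNORECASE)

def scan_package_lock(lock_text: str) -> list[str]:
    """Return 'name@version' for affected entries in a lockfileVersion 2/3 package-lock.json."""
    hits = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        if not path:
            continue  # "" is the root project itself, not a dependency
        name = meta.get("name") or path.split("node_modules/")[-1]
        if meta.get("version") in AFFECTED_NPM.get(name, set()):
            hits.append(f"{name}@{meta['version']}")
    return hits

def scan_requirements(req_text: str) -> list[str]:
    """Return pinned 'name==version' lines that match an affected PyPI release."""
    hits = []
    for line in req_text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][\w.]*)", line)
        if m and m.group(2) in AFFECTED_PYPI.get(m.group(1).lower(), set()):
            hits.append(f"{m.group(1).lower()}=={m.group(2)}")
    return hits

def suspicious_hooks(package_json_text: str) -> list[str]:
    """Return install-time scripts in a package.json that invoke setup.mjs or Bun."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return [f"{k}: {v}" for k, v in scripts.items()
            if k in ("preinstall", "install", "postinstall") and HOOK_RE.search(v)]

# Constructed sample inputs (not real project files) so the script runs offline.
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@cap-js/sqlite": {"version": "2.2.2"},
    "node_modules/mbt": {"version": "1.2.47"}}})
SAMPLE_PKG = json.dumps({"scripts": {"preinstall": "node setup.mjs", "test": "jest"}})

if __name__ == "__main__":
    print(scan_package_lock(SAMPLE_LOCK), scan_requirements("lightning==2.6.3\n"), suspicious_hooks(SAMPLE_PKG))
```

Point the functions at real lockfiles, requirements files, and every package.json under node_modules and artifact caches; a hook hit is a lead for manual review, not proof of compromise.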

Indicators of Compromise

Each entry lists the component, the file or package, its size in bytes (where known), and the SHA256, SHA1 and MD5 hashes.

  • Shared Dropper: setup.mjs (4,549 bytes)
    • SHA256: 4066781fa830224c8bbcc3aa005a396657f9c8f9016f9a64ad44a9d7f5f45e34
    • SHA1: 307d0fa7407d40e67d14e9d5a4c61ac5b4f20431
    • MD5: 35baf8316645372eea40b91d48acb067
  • Execution Script: execution.js (sqlite/postgres) (11,723,748 bytes)
    • SHA256: eb6eb4154b03ec73218727dc643d26f4e14dfda2438112926bb5daf37ae8bcdb
    • SHA1: ca4a5bb85778ffcd2153ace88fe2d882c8ceeb23
    • MD5: b523a69b27064d1715d1f0aaffcfae63
  • Execution Script: execution.js (db-service) (11,729,871 bytes)
    • SHA256: 6f933d00b7d05678eb43c90963a80b8947c4ae6830182f89df31da9f568fea95
    • SHA1: bc95cc5dda788295aa0c9456791520599ef99526
    • MD5: 6fb87d243b011b5445f379f80e1a6b4d
  • Execution Script: execution.js (mbt) (11,678,349 bytes)
    • SHA256: 80a3d2877813968ef847ae73b5eeeb70b9435254e74d7f07d8cf4057f0a710ac
    • SHA1: 6bc859aaee1f8885eec2a3016226e877e5adba08
    • MD5: 45dc9c02f82b4370ca92785282d43a86
  • Tarball: @cap-js/sqlite & @cap-js/postgres (3,409,213 bytes)
    • SHA256: 1d9e4ece8e13c8eaf94cb858470d1bd8f81bb58f62583552303774fa1579edee
    • SHA1: e80824a19f48d778a746571bb15279b5679fd61c
    • MD5: e32eaf0c3cde9616831a1e92d42b0058
  • Tarball: @cap-js/db-service (3,395,651 bytes)
    • SHA256: a1da198bb4e883d077a0e13351bf2c3acdea10497152292e873d79d4f7420211
    • SHA1: 7b6a28e92149637e5d7c7f4a2d3e54acd507c929
    • MD5: 8cd683f78735c9bfc32600c73d3d9abe
  • Tarball: mbt (3,373,788 bytes)
    • SHA256: 86282ebcd3bebf50f087f2c6b00c62caa667cdcb53558033d85acd39e3d88b41
    • SHA1: 0af7415d65753f6aede8c9c0f39be478666b9c12
    • MD5: 04d8a99447b16f6839fff3b978f88d7e
  • Dropper (intercom-client): setup.mjs (size unspecified)
    • SHA256: fe64699649591948d6f960705caac86fe99600bf76e3eae29b4517705a58f0e2
    • SHA1: 7c8bf63a9ba9169d5237acfc683f1bd004349341
    • MD5: 598f8a39b021cf56d33432b6f67f7660
  • Execution Script (intercom-client): router_runtime.js (~11.7 MB)
    • SHA256: 5ae8b2343e97cc3b2c945ec34318b63f27fa2db1e3d8fbaa78c298aa63db52ed
    • SHA1: 0cf67457352cf82dea4189d9dbd41b8f519dbb81
    • MD5: 9bd71891febd47b6a7d9ef1f6120662a
  • Execution Script (lightning): router_runtime.js (~11.4 MB)
    • SHA256: 5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1
    • SHA1: f1b3e7b3eec3294c4d6b5f87854a52471f03997f
    • MD5: 40d0f21b64ec8fb3a7a1959897252e09

What the Cyber Fusion Center is Doing

The Cyber Fusion Center (CFC) continues to actively monitor the situation and will issue advisory updates as needed. A threat hunting campaign regarding the above activity will be conducted.
