Full Report
Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal credentials and authentication tokens from developers' systems. [...]
Analysis Summary
# Incident Report: Compromise of Official SAP NPM Packages
## Executive Summary
Multiple official SAP npm packages were compromised in a supply-chain attack linked to the threat actor "TeamPCP." The attackers injected malicious code via `preinstall` scripts to deploy a sophisticated information stealer targeting developer credentials, cloud secrets, and CI/CD environment variables. The attack utilized self-propagating mechanisms and memory-scraping techniques to widen the scope of the breach and exfiltrate data via public GitHub repositories.
## Incident Details
- **Discovery Date:** April 29, 2026 (Reported)
- **Incident Date:** April 2026
- **Affected Organization:** SAP (specifically teams using the Cloud Application Programming Model and Cloud MTA)
- **Sector:** Technology / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** April 2026
- **Vector:** Potential exposure of an NPM publishing token via a misconfigured CircleCI job.
- **Details:** Attackers gained unauthorized access to SAP's npm publishing credentials, allowing them to push malicious updates to official packages.
### Lateral Movement
- The malware includes self-propagation logic. Using stolen GitHub and npm tokens, it attempts to modify other repositories and packages the compromised account has access to, effectively spreading the infection across the development ecosystem.
### Data Exfiltration/Impact
- The payload ("mini Shai-Hulud") collects SSH keys, cloud credentials (AWS/Azure/GCP), and CI/CD secrets.
- Data is encrypted and uploaded to new GitHub repositories created under the victim’s account with the description: "A Mini Shai-Hulud has Appeared."
### Detection & Response
- **Detection:** Security researchers from Aikido and Socket identified the malicious code changes and linked them to previous TeamPCP activity.
- **Response Actions:** The compromised versions were deprecated on NPM. SAP was contacted for further remediation.
## Attack Methodology
- **Initial Access:** Compromised NPM publishing tokens (likely via CI/CD leak).
- **Persistence:** Malicious `preinstall` scripts in legitimate package dependencies.
- **Privilege Escalation:** Not explicitly detailed; however, it harvests high-privilege cloud and Kubernetes secrets.
- **Defense Evasion:** Use of heavily obfuscated JavaScript (`execution.js`); loading the Bun runtime from GitHub to bypass standard node-based detection; data encryption before exfiltration.
- **Credential Access:** Scraping `/proc/self/maps` and `/proc/self/mem` to bypass CI platform log masking and extract secrets directly from memory.
- **Discovery:** Dead-drop mechanism using GitHub commit searches for specific strings.
- **Lateral Movement:** Automated injection of malicious code into other accessible repositories using stolen tokens.
- **Collection:** Targeting `.ssh` directories, cloud config files, and CI environment variables.
- **Exfiltration:** Creating public GitHub repositories on the victim's account to store stolen data.
- **Impact:** Compromise of enterprise cloud infrastructure and potential downstream supply-chain secondary infections.
## Impact Assessment
- **Financial:** Unknown; potential for significant loss due to unauthorized cloud resource usage or intellectual property theft.
- **Data Breach:** High-volume theft of authentication tokens, SSH keys, Kubernetes secrets, and environment variables.
- **Operational:** Disruption of SAP development workflows; necessity for widespread credential rotation.
- **Reputational:** High; compromise of an "official" enterprise package provider undermines trust in the NPM ecosystem.
## Indicators of Compromise
- **File indicators:**
- `setup.mjs` (Malicious loader)
- `execution.js` (Obfuscated payload)
- **Behavioral indicators:**
- Unauthorized creation of GitHub repositories with the description "A Mini Shai-Hulud has Appeared".
- Outbound connections to GitHub to download the Bun runtime.
- Commit messages containing `OhNoWhatsGoingOnWithGitHub:`.
- **Affected Package Versions:**
- `@cap-js/sqlite` – v2.2.2
- `@cap-js/postgres` – v2.2.2
- `@cap-js/db-service` – v2.10.1
- `mbt` – v1.2.48
## Response Actions
- **Containment:** Malicious versions were flagged and deprecated on the NPM registry.
- **Eradication:** Affected systems must be wiped; developers must rotate all credentials (SSH, Cloud, NPM, GitHub) that were present on compromised machines or CI runners.
- **Recovery:** Restoration of packages to known-good versions.
## Lessons Learned
- **Token Security:** Sensitive CI/CD tokens must be strictly scoped and regularly rotated.
- **Memory Safety:** Attackers are increasingly using memory-scraping techniques to bypass "log masking" security features in CI platforms.
- **Third-Party Risk:** Even "official" packages from reputable vendors can be compromised; automated dependency auditing is essential.
## Recommendations
- Implement **NPM Provenance** and code-signing to ensure package integrity.
- Use **Secret Scanning** tools to prevent the accidental exposure of NPM/CI tokens in build logs or configurations.
- Enforce **Multi-Factor Authentication (MFA)** for all publishing accounts on package registries.
- Monitor for unusual repository creation or unexpected commit messages within the organizational GitHub footprint.