Detect and mitigate malicious npm packages linked to the recent Shai-Hulud-style campaign. Over 25,000 affected repositories across ~350 unique users.
# Incident Report: Shai-Hulud 2.0 npm Supply Chain Compromise
## Executive Summary
A significant supply chain attack, dubbed "Shai-Hulud 2.0," utilized trojanized npm packages to compromise developer environments and CI/CD pipelines. The campaign leveraged compromised maintainer accounts to inject malware that executed during the `preinstall` phase, leading to the theft and exfiltration of secrets. The immediate impact spread across over 25,000 repositories associated with approximately 350 unique users, with observations of cross-victim data leakage.
## Incident Details
- Discovery Date: Around November 21–23, 2025 (when the trojanized packages were uploaded)
- Incident Date: November 21–25, 2025 (Active exploitation and discovery period)
- Affected Organization: Various open-source projects (Zapier, ENS Domains, PostHog, Postman) and their downstream users.
- Sector: Software Development / Technology (Supply Chain)
- Geography: Global (npm ecosystem)
## Timeline of Events
### Initial Access
- Date/Time: Uploads observed between November 21–23, 2025
- Vector: Compromised npm package maintainer accounts.
- Details: Attackers published trojanized versions of legitimate, popular npm packages to the npm registry.
### Lateral Movement
- Date/Time: Upon installation/execution.
- Vector: Automated replication and credential exploitation.
- Details: The malware executed during the `preinstall` phase on development machines and CI/CD runners, harvesting secrets. Further exploitation was observed on November 25 (Phase Two) and November 26, using stolen credentials to publish previously private repositories.
### Data Exfiltration/Impact
- Date/Time: Continuous from execution.
- Vector: Exfiltration to attacker-controlled GitHub repositories.
- Details: Developer and CI/CD secrets were exfiltrated. A key feature was *cross-victim exfiltration*, where Victim A's secrets were published to a public repository owned by Victim B.
### Detection & Response
- Date/Time: Starting November 24, 2025 (Wiz monitoring and public disclosure).
- Vector: Security vendor analysis (Wiz Research).
- Details: Initial discovery prompted immediate investigation. Response involved rapid cleanup by package owners (removing malicious versions from npm) and GitHub taking down attacker-created repositories.
## Attack Methodology
- Initial Access: Publishing malicious code within legitimate, popular upstream dependencies on the npm registry.
- Persistence: Not explicitly detailed as traditional persistence, but the attack aimed for immediate execution upon dependency installation. Second phase suggested use of compromised credentials for further activity.
- Privilege Escalation: N/A (Focus was on credential theft rather than system privilege escalation).
- Defense Evasion: Execution via standard package install lifecycle scripts (`preinstall`) which are typically trusted in build environments.
- Credential Access: Directly stealing developer and CI/CD secrets located in the environment where packages are installed.
- Discovery: Implied reconnaissance by targeting and compromising high-reputation packages.
- Lateral Movement: Automated replication resulting in 25,000+ repositories being affected. Exploitation of stolen credentials for further repository publishing.
- Collection: Creation of files like `cloud.json`, `contents.json`, `environment.json`, and `truffleSecrets.json` to stage collected secrets.
- Exfiltration: Pushing collected secrets to specifically structured, public GitHub repositories with Shai-Hulud-related descriptions.
- Impact: Exposure of secrets, publication of previously private source code/data, widespread environment compromise.
## Impact Assessment
- Financial: Not specified, but expected to be high due to widespread credential rotation required.
- Data Breach: Sensitive data including developer secrets, environment configurations, and infrastructure credentials. Over 25,000 repositories across ~350 unique users were impacted.
- Operational: Significant disruption due to the need for urgent review, dependency replacement, and credential rotation across potentially thousands of downstream consumers.
- Reputational: Severe impact on the targeted companies (Zapier, Postman, etc.) due to compromise of widely used packages.
## Indicators of Compromise
- Network Indicators: No URLs or IP addresses are listed in this summary; the exfiltration targets were attacker-controlled GitHub repositories.
- File Indicators: `setup_bun.js`, `bun_environment.js`, `cloud.json`, `contents.json`, `environment.json`, `truffleSecrets.json`, `discussion.yaml`.
- Behavioral Indicators: Execution of arbitrary code during the `npm preinstall` phase; creation of unusual, specific JSON/YAML files in the working directory; uncontrolled outbound connections from build environments targeting GitHub APIs.
## Response Actions
- Containment: Owners reclaimed several compromised packages, and malicious versions were removed from the npm registry. GitHub initiated repository removal.
- Eradication Steps: Immediate investigation recommended for all npm-based environments.
- Recovery Actions: Rotation of all compromised credentials; auditing GitHub and CI/CD environments for artifacts of the attack.
## Lessons Learned
- Dependency Trust is Vulnerable: Reliance on specific package maintainer accounts introduces significant single points of failure, enabling supply chain attacks even against well-known tools.
- Execution Timing Matters: The use of the `preinstall` phase dramatically expands the blast radius by affecting everything from local development machines to CI/CD pipelines.
- Cross-Victim Leakage: Attackers leveraged compromised victims' accounts to exfiltrate data belonging to *other* victims, complicating attribution and scope assessment.
## Recommendations
- Implement strong dependency verification and use hardened registries prioritizing vetted versions.
- Harden CI/CD pipelines by restricting network egress from build environments and adopting principles of least privilege for secrets access during the install phase.
- Mandate immediate and comprehensive rotation of all secrets originating from environments known to have consumed a compromised dependency.
- Monitor artifact sources (like npm) actively for sudden changes in package behavior or high-prevalence update spikes.