Full Report
A new wave of the Shai-Hulud–style supply-chain attack has trojanized hundreds of npm packages—including widely used components from Zapier, ENS Domains, PostHog, and Postman—resulting in more than 25,000 GitHub repositories populated with stolen secrets. Beginning on November...
Analysis Summary
# Incident Report: Shai-Hulud 2.0 Supply Chain Attack
## Executive Summary
An ongoing, large-scale supply-chain attack campaign, dubbed Shai-Hulud 2.0, began around November 24, 2025, when threat actors published trojanized versions of hundreds of npm packages. The campaign resulted in the widespread theft of secrets, potentially impacting over 25,000 GitHub repositories, including assets belonging to major users such as Zapier and Postman. The attack uses compromised maintainer accounts to inject malicious code that runs during the npm `preinstall` lifecycle stage, leading to the exfiltration of developer and cloud credentials.
## Incident Details
- **Discovery Date:** November 24, 2025 (Inferred, as the article states the attack "Beginning on November 24")
- **Incident Date:** Beginning November 24, 2025
- **Affected Organization:** Multiple organizations utilizing vulnerable npm packages (e.g., Zapier, ENS Domains, PostHog, Postman)
- **Sector:** Technology/Software Development
- **Geography:** Global (Due to the nature of npm and GitHub usage)
## Timeline of Events
### Initial Access
- **Date/Time:** Beginning November 24, 2025
- **Vector:** Compromised npm package maintainer accounts.
- **Details:** Attackers leveraged compromised maintainer accounts to publish malicious package versions containing credential-stealing code that executes during the `preinstall` phase upon package installation.
### Lateral Movement
- **Vector:** Abuse of stolen credentials within the development ecosystem.
- **Details:** Stolen credentials (GitHub tokens, cloud secrets—AWS, GCP, Azure) were used to automate further malicious actions. The malware deployed a backdoor by registering compromised machines as self-hosted GitHub runners, triggered via GitHub Discussions.
### Data Exfiltration/Impact
- **Vector:** Automated exfiltration using compromised GitHub infrastructure.
- **Details:** Secrets were harvested from developer machines and CI/CD pipelines. Information was exfiltrated to attacker-controlled GitHub repositories. By November 27, hundreds of cloud credentials and nearly 800 GitHub access tokens were identified as compromised.
### Detection & Response
- **How it was discovered:** Researchers identified the campaign shortly after its start on November 24, noting rapid generation of exfiltration repositories (approx. 1,000 every 30 minutes).
- **Response actions taken:** Ongoing mitigation efforts, focusing on the removal of most malicious package versions from the npm registry.
## Attack Methodology
- **Initial Access:** Supply Chain Compromise (Publishing trojanized npm packages leveraging compromised maintainer accounts).
- **Persistence:** Deployment of a persistent backdoor via self-hosted GitHub Runners, triggered by GitHub Discussions.
- **Privilege Escalation:** Attempted privilege escalation through IAM manipulation within compromised cloud environments (AWS, GCP, Azure).
- **Defense Evasion:** Use of legitimate ecosystem features (GitHub Actions artifacts) to hide exfiltrated data.
- **Credential Access:** Credential harvesting from code repositories and developer machines via an infostealer payload delivered by malicious `preinstall` scripts.
- **Discovery:** (Not explicitly detailed, but likely reconnaissance on target repositories post-credential compromise).
- **Lateral Movement:** Abuse of valid credentials (GitHub tokens, cloud secrets) to perform actions across victim environments.
- **Collection:** Harvesting of repository secrets and cloud credentials.
- **Exfiltration:** Uploading secrets as artifacts via malicious GitHub Actions workflows and dumping cloud secrets into attacker-controlled GitHub repositories.
- **Impact:** Compromise of proprietary secrets, cloud environments, and developer systems.
## Impact Assessment
- **Financial:** Not explicitly stated, but exposure of cloud credentials suggests high risk of financial loss via resource misuse.
- **Data Breach:** Stolen secrets including AWS, GCP, and Azure credentials and GitHub access tokens (nearly 800 tokens identified by November 27); over 25,000 GitHub repositories impacted.
- **Operational:** Disruption to development pipelines utilizing the compromised packages. Risk of container breakout attempts.
- **Reputational:** Significant reputational damage to affected downstream users (e.g., Zapier, Postman) whose components were used in the attack.
## Indicators of Compromise
- **Network indicators (Defanged):** *Not applicable; focus is on package and repository activity.*
- **File indicators:** Existence of payload files such as `setup_bun.js`, `bun_environment.js`.
- **Behavioral indicators:** Execution of code during the `preinstall` phase of npm package installation; suspicious GitHub Actions workflows; registration of self-hosted runners via GitHub Discussions.
## Response Actions
- **Containment measures:** Ongoing removal of malicious package versions from the npm registry.
- **Eradication steps:** (Implied) Revocation and rotation of all exposed GitHub tokens and cloud credentials.
- **Recovery actions:** (Implied) Remediation of affected CI/CD pipelines and developer machines.
## Lessons Learned
- **Key takeaways:** The reliance on maintainer trust in the open-source ecosystem (npm) remains a critical vulnerability vector. Automation (GitHub Actions, self-hosted runners) can be weaponized effectively once credentials are stolen.
- **What could have been done better:** Improved monitoring/auditing of package preinstall scripts and stricter access controls (MFA, granular permissions) on maintainer accounts.
## Recommendations
- **Prevention measures for similar incidents:** Implement strict dependency scanning (SCA) tooling that analyzes execution logic, not just metadata. Mandate multi-factor authentication (MFA) for all package maintainer accounts. Utilize ephemeral environments for CI/CD pipelines to limit the blast radius of stolen secrets.