{"id":677,"date":"2025-11-28T08:36:06","date_gmt":"2025-11-28T07:36:06","guid":{"rendered":"https:\/\/lars-hilse.de\/lhx18\/?p=677"},"modified":"2025-11-28T08:36:07","modified_gmt":"2025-11-28T07:36:07","slug":"shai-hulud-2-0-npm-supply-chain-attack-1200-orgs","status":"publish","type":"post","link":"https:\/\/lars-hilse.de\/lhx18\/2025\/11\/shai-hulud-2-0-npm-supply-chain-attack-1200-orgs\/","title":{"rendered":"The Shai Hulud 2.0 Nightmare\u2014When Your Supply Chain Becomes a Credential Harvesting Farm"},"content":{"rendered":"<div class=\"ttr_start\"><\/div>\n<p><\/p>\n\n\n\n<p>The npm package ecosystem just became your worst nightmare, and nobody&#8217;s talking about it enough. Shai Hulud 2.0\u2014detected on November 24, 2025\u2014compromised nearly 1,200 organizations by doing something infinitely worse than simple encryption: it stole runtime secrets directly from memory.<\/p>\n\n\n\n<p>Here&#8217;s where this gets terrifying. Initial reports described it as another supply chain spam attack. Researchers found thousands of malicious GitHub repositories and assumed standard noise. Then Entro Security&#8217;s deeper analysis revealed the actual attack\u2014these weren&#8217;t just repositories meant to clutter GitHub. They were collection layers for a much larger, far more sophisticated operation targeting CI\/CD pipelines.<\/p>\n\n\n\n<p>The attack infected npm packages during the preinstall phase, executing payload scripts when developers installed dependencies. Instead of just scraping static files, Shai Hulud 2.0 captured full runtime environments. We&#8217;re talking about double-base64-encoded memory snapshots containing live credentials, GitHub Personal Access Tokens, AWS secret keys, blockchain production tokens, and Slack API keys. This wasn&#8217;t data exfiltration in the traditional sense\u2014it was&nbsp;<em>environment reconstruction<\/em>.<\/p>\n\n\n\n<p>Think about what that means. An attacker could now replay that exact environment state and have valid access to your infrastructure. The scale was staggering: 1,195 distinct organizations compromised. Tech and SaaS companies got hammered hardest (647 organizations), but financial services (53), healthcare (38), and insurance (26) all took major hits. One semiconductor giant had their self-hosted GitHub Actions runners compromised. A Tier-1 digital asset custody provider saw live blockchain production tokens exposed.<\/p>\n\n\n\n<p>The most damning part? Scans conducted three days after disclosure revealed that some high-value credentials\u2014including Google Cloud Service Account keys\u2014were still valid and hadn&#8217;t been revoked. The attackers had valid entry points into corporate infrastructure, and organizations didn&#8217;t even know how badly they&#8217;d been compromised.<\/p>\n\n\n\n<p>This connects directly to what I&#8217;ve emphasized in my published research on&nbsp;<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/lars-hilse.de\/lhx18\/\">cyber defense and threat assessment models<\/a>. Supply chain attacks exploiting development environments represent a fundamental shift in attack surface. You can&#8217;t just patch your production systems anymore; you need to treat developer workstations and CI\/CD infrastructure as fully compromised until proven otherwise.<\/p>\n\n\n\n<p>The bottom line? If your code gets executed anywhere\u2014local laptop, cloud runner, container environment\u2014it&#8217;s a potential target for memory scraping. Organizations need to rotate all non-human identities immediately and assume their runtime environments are fully compromised.<\/p>\n<div class=\"ttr_end\"><\/div>","protected":false},"excerpt":{"rendered":"<p>Shai Hulud 2.0 just turned the npm ecosystem into a credential harvesting farm. Nearly 1,200 organizations got compromised\u2014and many don&#8217;t even know it yet. The attack wasn&#8217;t just stealing data; it was extracting full runtime environments containing live GitHub tokens, AWS keys, and blockchain production credentials. Three days after disclosure, some of those stolen credentials were still valid. This is what modern supply chain warfare looks like.<\/p>\n","protected":false},"author":1,"featured_media":678,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[71,153,6,8],"tags":[252,257,259,254,258,255,261,260,253,256],"class_list":{"0":"post-677","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","6":"hentry","7":"category-application-security","8":"category-corporate-risks","9":"category-cyber-crime","10":"category-global-risks","11":"tag-ci-cd-pipeline-security","12":"tag-credential-theft","13":"tag-developer-security","14":"tag-github-actions-compromise","15":"tag-malware-2025","16":"tag-npm-supply-chain-attack","17":"tag-open-source-vulnerability","18":"tag-runtime-memory-extraction","19":"tag-shai-hulud-2-0-malware","20":"tag-software-supply-chain-attack","22":"fallback-thumbnail"},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/lars-hilse.de\/lhx18\/wp-content\/uploads\/2025\/11\/The-Shai-Hulud-20-NightmareWhen-Your-Supply-Chain-Becomes-a-Credential-Harvesting-Farm.png?fit=960%2C640&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paluiP-aV","jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/comments?post=677"}],"version-history":[{"count":1,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/677\/revisions"}],"predecessor-version":[{"id":679,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/posts\/677\/revisions\/679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media\/678"}],"wp:attachment":[{"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/media?parent=677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/categories?post=677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lars-hilse.de\/lhx18\/wp-json\/wp\/v2\/tags?post=677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}