Shai-Hulud supply chain attacks: Commentary on what NIST 800-171 actually covers (and where it falls short)
More than 100 malicious packages dropped across npm and PyPI in the Shai-Hulud campaign this week—and the reason it’s so hard to stop is structural. The payload rides in on a dependency you’ve already authorized, running with the trust level of installed software. Your perimeter never sees it.
There is a good write-up about it here: Active Exploitation Alert: Shai-Hulud Supply Chain Attack Compromises 100+ NPM and PyPI Packages with Self-Spreading Malware – Rescana
Justin Beals, CEO & Founder, Strike Graph, had this to say:
“Shai-Hulud is essentially a zero-day executing from behind the firewall. The malicious code rides in on a dependency you’ve already authorized, running with the trust level of an installed package—so the perimeter and network controls most teams lean on never see it.
NIST 800-171 covers more of this surface than people realize. The workhorses are already in the Rev 2 baseline CMMC Level 2 is assessed against: application allowlisting, least privilege to contain credential theft, a maintained component inventory so you can find affected versions fast, and monitoring to catch the post-install behavior a payload generates. Rev 3 goes further—a dedicated Supply Chain Risk Management family and a shift to deny-all, allow-by-exception software control.
But the honest read: a fully compliant shop can still take this hit. Allowlisting and an SCRM plan raise the attacker’s cost and shrink the blast radius—they don’t stop a poisoned build of a package you already trust. A warning to losing too much headcount on the engineering team is that you may be able to run the deep security testing required to secure your dependencies.”
Gunter Ollmann, CTO, Cobalt, contributes this comment:
“Shai-Hulud highlights how supply chain attacks are evolving from isolated compromises into continuously propagating campaigns. The most dangerous aspect isn’t the initial package infection. It’s the attacker’s ability to steal credentials, abuse trusted relationships, and rapidly expand their foothold across interconnected development environments.
Security teams should assume that software dependencies are part of their attack surface and continuously test for weaknesses in build pipelines, package management processes, credential storage practices, and repository access controls. As these attacks become more automated and self-replicating, organizations will need the same level of continuous validation for their software supply chains that they already apply to cloud and production environments.”
Roman Sannikov, Global Research Coordinator, iCOUNTER, adds this:
“Shai-Hulud represents an important evolution in supply chain operations because it combines credential theft, trusted-channel abuse, and autonomous propagation into a single campaign. The attackers are no longer focused solely on compromising software. They’re targeting the trust infrastructure that enables software to move through ecosystems at scale.
The malware is self-propagating; it doesn’t need to ping back to the command and control for instructions nearly as much as older malware, making it harder to spot by monitoring for suspicious traffic patterns. The lesson for defenders is that visibility alone is not enough. Organizations must be able to identify compromised credentials, understand how trust relationships connect repositories and development environments, and take coordinated action before a localized compromise turns into a broader ecosystem event. Countering these threats requires disrupting the pathways that allow malicious code to spread, not just detecting the code after it arrives.”
I would recommend pulling any and all permissions related to these packages. Then I would get a baseline of NIST 800-171 so that you don’t get caught with your pants down, metaphorically speaking.
This entry was posted on June 9, 2026 at 2:44 pm and is filed under Commentary with tags Shai-Hulud. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.