TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
Recorded: May 11, 2026, 1:16 p.m.
Original:
Several npm packages for SAP's cloud application development ecosystem have been compromised as TeamPCP's supply chain attacks broaden.

Rob Wright, Senior News Director, Dark Reading
April 30, 2026
Source: Nature Picture Library via Alamy Stock Photo

UPDATE

TeamPCP's extensive supply chain campaign continued this week, as the cybercriminal group compromised several SAP npm packages in a "Mini Shai-Hulud" attack.

The compromised packages went live Wednesday and were quickly spotted by several cybersecurity vendors, including Wiz, Socket, and Aikido Security. Four npm packages for SAP's Cloud Application Programming Model (CAP) and Cloud MTA Build Tool (MBT) were injected with malicious preinstall scripts that execute as soon as the dependency is installed.

"The campaign leverages a multistage payload to harvest developer and CI/CD secrets across GitHub, npm, and major cloud providers, and exfiltrates the data via attacker-controlled GitHub repositories," Wiz researchers said in a blog post. "It also contains code designed to propagate via compromised tokens."

The malware contains hard-coded descriptions for the attacker-controlled repositories: "A Mini Shai-Hulud has Appeared" is an apparent reference to the Shai-Hulud worm attacks that have targeted npm packages since September 2025.

Wiz and Socket researchers attributed the SAP attacks to TeamPCP based on technical overlaps and operational similarities to the emerging cybercrime group's previous campaigns. TeamPCP has in recent months compromised the packages of several open source software projects, including Trivy, a security scanner maintained by Aqua Security, and KICS, a Checkmarx-developed tool for static code analysis. The targeting of SAP packages puts a different spin on TeamPCP attacks and potentially heightens the risk for enterprises, according to experts.

Mini Shai-Hulud Raises Stakes

Socket's research team noted in a blog post that the four npm packages have "meaningful reach across the SAP developer ecosystem," with hundreds of thousands of downloads per week. Like previous TeamPCP attacks, the payloads collected GitHub, npm, Kubernetes, CI/CD, and cloud credentials, which are then used to compromise additional repositories and packages and even breach downstream customer organizations.

The poisoned packages are @cap-js/sqlite v2.2.2, @cap-js/postgres v2.2.2, @cap-js/db-service v2.10.1, and mbt v1.2.48. The CAP packages are connected to SAP cloud deployment workflows, while the MBT package is used to build deployment-ready, multi-target application (MTA) archive files.

In a statement to Dark Reading, Socket said it didn't have a reliable download count of the malicious packages, noting that npm download data can lag and is not always version-specific in real time. "The affected SAP packages have more than half a million aggregate weekly downloads, which makes this a serious exposure concern for the SAP developer ecosystem," the company said.

The poisoned packages were taken down soon after they were published. Dark Reading contacted SAP for comment on the attacks, and the company responded on Friday with the following statement: "A security note https://me.sap.com/notes/3747787 is published and available for SAP customers and partners."

With the targeting of a small number of high-value enterprise software packages, the Mini Shai-Hulud campaign stands out compared to previous supply chain attacks. "Instead of spreading across many random packages, this one hit SAP, where a successful install could run on developer machines or CI jobs with access to GitHub, npm, cloud, and deployment secrets," Raphael Silva, researcher at Aikido Security, tells Dark Reading. "So the package count is small, but the potential value of each compromised environment can be very high. We're probably yet to see the full fallout from this campaign."

The attacks were attributed to TeamPCP based on overlapping tradecraft with the group's previous attacks. The second-stage payload terminates before data exfiltration if the system is configured for the Russian language, and the campaign encrypts exfiltrated data with the same RSA public key used in the group's past campaigns.

But the campaign's reference to the Shai-Hulud worm campaigns appears to be just that — a reference, and nothing more. "While this operation contains references to the Shai-Hulud operations from the fall of 2025, we cannot definitively link them or say they are a separate actor," Wiz researchers noted.

Silva also says a notable difference is that "earlier Shai-Hulud waves dumped secrets in the open, while this campaign encrypted the stolen data." Thus, there is no apparent connection between TeamPCP and the earlier Shai-Hulud worm attacks.

Expanding Scope of Supply Chain Attacks

In past TeamPCP incidents, the threat actors have used the stolen credentials and secrets from one compromised package or open source project to gain access to other packages, creating a cascading series of supply chain attacks.

While researchers haven't definitively figured out how TeamPCP actors gained access to the SAP packages, one researcher has a theory. In a post on X yesterday, security engineer Adnan Khan said the likely culprit was an npm token that was exposed to pull request builds in the SAP/cloud-mta-build-tool repository through a misconfiguration in CircleCI.

Silva replied in a blog post yesterday that Khan's theory lines up with the technical evidence Aikido's research team found when it examined the repository. But Silva tells Dark Reading that the exposed token may not be the only culprit. "I still think the misconfigured CircleCI build is the strongest lead for the initial 'mbt' credential theft, but it's probably not the single root cause for the whole SAP incident," he says. "These attacks are usually more layered than that. The broad pattern is still the same though: steal the credentials that can publish software, then use the supply chain to reach the next set of victims."

Socket reported today that two other supply chain attacks had hit the lightning PyPI package and Intercom's npm package using the same tools and tradecraft as the Mini Shai-Hulud campaign. "The obfuscated JavaScript payload contains many similarities to the Shai-Hulud attacks, overlapping in targeted tokens, credentials and obfuscation methods," Socket researchers said in a blog post on the lightning PyPI package compromise.

Regardless of how initial access was achieved for the SAP packages, the Mini Shai-Hulud campaign shows that TeamPCP is a growing threat to the software supply chain with an increasing number of victims — and highly sensitive stolen data — under its belt. "The Mini Shai-Hulud campaign appears to be moving quickly across ecosystems, from SAP-related npm packages to AI/ML Python infrastructure and a widely used SaaS SDK," Socket said in the statement to Dark Reading.

In his blog post, Silva urged organizations to search their lockfiles, package caches, CI logs, internal registries, artifact stores, and developer systems for any signs of the poisoned SAP packages, malicious scripts and payloads. "If any affected package was installed, rotate secrets. Do not limit rotation to npm tokens," he wrote. "The payload targets GitHub, npm, cloud providers, Kubernetes, CI secrets, and local developer tooling."

This article was updated at 7:30 a.m. EST on May 1 to reflect a statement from Socket. This article was updated at 2:00 p.m. EST on May 1 to reflect a statement from SAP.
Summarized:
The sophisticated supply chain attack campaign spearheaded by the cybercriminal group known as TeamPCP has intensified with the targeting of several npm packages within the SAP cloud application development ecosystem. This activity, dubbed a "Mini Shai-Hulud" attack, demonstrates a significant escalation in the group's tactics and poses a heightened risk to enterprises utilizing SAP's cloud services, as detailed by Dark Reading. The core of the attack involves injecting malicious preinstall scripts into compromised npm packages, specifically @cap-js/sqlite v2.2.2, @cap-js/postgres v2.2.2, @cap-js/db-service v2.10.1, and mbt v1.2.48, which are used within the CAP (Cloud Application Programming Model) and MBT (Cloud MTA Build Tool) frameworks. These scripts execute upon installation, allowing the attackers to harvest developer and CI/CD secrets across platforms including GitHub, npm, and major cloud providers. Researchers attribute the attack to TeamPCP due to overlapping tradecraft and operational similarities with the group's previous campaigns, further emphasizing the evolving sophistication of these cyber threats. The malware's functionality extends beyond simple data exfiltration, incorporating code designed to propagate via compromised tokens and establishing attacker-controlled GitHub repositories for data storage. The reference to the "Shai-Hulud" worm attacks, originating in September 2025, underscores a deliberate strategic element, potentially signaling an established connection to known adversaries. Several cybersecurity vendors, including Wiz, Socket, and Aikido Security, quickly identified and neutralized the compromised packages, indicating a heightened vulnerability within the SAP developer landscape. The scale of the affected packages, with aggregate weekly downloads exceeding half a million, represents a serious exposure concern, particularly given the prevalent use of these tools across the SAP ecosystem.
Furthermore, the incident highlights a broader trend of supply chain attacks, wherein attackers leverage compromised open source software projects to gain access to enterprise systems. The attack methodology mirrors previous TeamPCP operations, involving the collection of credentials from GitHub, npm, Kubernetes, CI/CD systems, and cloud environments for subsequent use in further attacks. This layered approach, combined with the encrypted exfiltration of stolen data, represents a departure from earlier Shai-Hulud waves and demonstrates a more refined criminal methodology. The investigation into initial access points is ongoing, with theories suggesting a misconfiguration in CircleCI build processes within the SAP/cloud-mta-build-tool repository as a potential root cause. While the exact origin remains under scrutiny, Silva argues that the compromised token represents a more immediate danger, stressing the importance of immediate remediation steps, including secret rotation across affected systems. The rapid response by security vendors, coupled with the attacker's swift removal of the malicious packages, demonstrates the ongoing vigilance within the cybersecurity community. It is imperative that organizations utilizing SAP's cloud offerings execute immediate checks for the injected packages and implement robust security practices to mitigate future supply chain risks, further guided by advice from researchers like Raphael Silva.