The Hackers Behind Shai-Hulud: Lucky or Skilled?
Recorded: May 26, 2026, 9:04 p.m.
| Original | Summarized |
Shai-Hulud Hackers TeamPCP: Lucky or Skilled Operators?

The Hackers Behind Shai-Hulud: Lucky or Skilled?

TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it's not necessarily due to skill alone.

Alexander Culafi, Senior News Writer, Dark Reading. May 26, 2026. 5 Min Read.

TeamPCP has made a name for itself as a scourge of the open source community following Shai-Hulud, but the group's attack history is less "sophisticated threat actor" and more "right place, right time" luck.

A financially motivated threat actor, TeamPCP formally emerged in late 2025, making a name by exploiting the React2Shell vulnerability as well as targeting misconfigured Docker APIs and Next.js. As researchers from Flare recently noted, the group historically used opportunistic compromises to deploy ransomware, steal data to resell, and mine cryptocurrency.

The group's rise in notoriety this year came alongside its increasing focus on software supply chain compromises. Starting last summer, the group's Shai-Hulud worm ravaged the open source development ecosystem with its capacity to self-replicate and then poison developers downstream. If developers downloaded an open source node package manager (npm) component poisoned with Shai-Hulud, the worm would go on to infect any of the components those developers contribute to, uploading malicious updates to these otherwise legitimate components.

TeamPCP is widely believed to be one of the primary threat actors, if not the primary one, behind the Shai-Hulud attacks.

TeamPCP Rattles the Software Ecosystem

TeamPCP followed the initial Shai-Hulud with waves of successor attacks, including malware like GlassWorm, before ultimately releasing open source code for Shai-Hulud earlier this month. Researchers speculated that the threat actor did this to scale Shai-Hulud's potential (as TeamPCP's command-and-control infrastructure was tied to the open source code), overwhelm defenders, and advertise an affiliate program the group had just launched.

And most recently, TeamPCP took credit for a compromise against GitHub, where an employee downloaded a poisoned VS Code extension that resulted in the theft of approximately 4,000 repositories of private code.

Ilkka Turunen, field chief technical officer at Sonatype, tells Dark Reading that this latest incident is a reminder that developers are now "permanent targets" in software supply chain attacks. "TeamPCP has shown how a motivated attacker can move through the tools developers trust every day — open source packages, extensions, accounts, and credentials — rather than trying to break in through the front door," Turunen says.

One of the more notable aspects of TeamPCP is that it threw such an aggressive wrench into the open source ecosystem despite being only a few months old as a group and not necessarily the biggest threat actor out there.

That said, its formal "age" may be misleading, as some researchers date TeamPCP activity to 2024, and threat actors don't necessarily start their cybercrime careers with the forming of a new group. Rather, the individuals who make up a cybercrime outfit may carry multiple affiliations, and core members may jump from group to group as one threat brand stops being effective (such as through law enforcement compromise or reputational loss).

TeamPCP's Cybercrime Success: Luck or Sophistication?

Kevin Tian, CEO and co-founder of Doppel, tells Dark Reading that the threat actor didn't just get lucky. Rather, he says, TeamPCP understands how to exploit modern trust relationships inside software development environments.

"What stands out is less raw technical sophistication and more operational effectiveness," Tian explains. "TeamPCP appears highly capable of combining social engineering, trusted-platform abuse, and AI-assisted reconnaissance to move faster than traditional security defenses were designed to handle. They're proving attackers no longer need advanced zero-days when they can compromise trusted identities, trusted tools, and trusted workflows instead."

The CEO calls this part of a larger trend among cybercriminals who are choosing to target user trust (such as the idea that an open source component with millions of downloads won't be poisoned) rather than infrastructure directly. Elements of this trend can be seen elsewhere, such as in ClickFix attacks (which exploit a user's trust in software prompts) and in the increasing sophistication of social engineering attacks.

Melissa Bischoping, senior director of security and product design research at Tanium, meanwhile says TeamPCP's rise isn't necessarily a question of sophistication or luck, but rather something that speaks to the realities of developer-focused supply chain attacks.

"Supply chain attacks on developer tooling have such favorable mechanics for the attacker that capable crews can score outsized impact, and that's most of what's going on here," she tells Dark Reading. "The Mini Shai-Hulud campaigns are among the first worms we've seen actually weaponize SLSA [Supply-Chain Levels for Software Artifacts, an OpenSSF security framework used to prevent tampering with software builds] provenance attestation, and that shows technical depth and creativity, but I don't think they rise to the level of truly sophisticated overall. The rest of the operational pattern reads as mid-tier cybercrime with a good eye for targets and a great marketing strategy."

In this way, TeamPCP is reminiscent of DragonForce, a newer ransomware-as-a-service (RaaS) group that gained prominence less because it was particularly sophisticated and more because it effectively marketed itself. DragonForce is a fairly prolific group best known for its white-labeling service, in which would-be cybercriminals can use their own branding on top of DragonForce infrastructure.

Charlie Eriksen, security researcher at Aikido Security, notes that TeamPCP is heavily inspired by other threat actors and leans heavily on AI in building its payloads. Similar to Bischoping's comments, Eriksen observes that the gang's tactics don't exactly require sophistication.

"They don't really need to be sophisticated though, because once you have a publishing credential for a popular extension you've got a direct push channel into every machine running it," he explains. "They figured out early that open source developer tooling was a soft target, and they've just been hitting it consistently since."
TeamPCP, the group responsible for the Shai-Hulud worm, has caused significant disruption to the open source ecosystem, although their notoriety stems more from opportune timing than overwhelming technical skill. The group formally emerged in late 2025, initially exploiting vulnerabilities like React2Shell and targeting misconfigured Docker APIs and Next.js. Historically, researchers suggested that TeamPCP typically engaged in opportunistic compromises for ransomware, data theft, and cryptocurrency mining. However, their recent notoriety has shifted toward software supply chain compromises, where the Shai-Hulud worm was used to infect developers downstream by poisoning open source node package manager components, thereby pushing malicious updates into legitimate libraries. TeamPCP subsequently expanded these attacks, following the initial worm with successor malware like GlassWorm and eventually releasing open source code for Shai-Hulud. This escalation is speculated to have involved scaling the worm's potential, overwhelming defenders, and promoting an affiliate program they had launched. Most recently, the group claimed a compromise against GitHub, where an employee's action led to the theft of approximately four thousand repositories of private code. This event underscores the vulnerability of developers, as noted by Ilkka Turunen, field chief technical officer at Sonatype, who stated that developers are now "permanent targets" in software supply chain attacks, demonstrating that attackers can compromise trusted identities, tools, and workflows rather than solely relying on zero-day exploits. The operational effectiveness of TeamPCP is often attributed less to raw technical sophistication and more to operational execution. 
Kevin Tian, CEO and co-founder of Doppel, indicated that the group excels at combining social engineering, trusted-platform abuse, and artificial intelligence-assisted reconnaissance to move faster than conventional security defenses are designed to handle. This approach demonstrates that attackers are increasingly bypassing the need for advanced zero-days by targeting established trust relationships within software development environments. Melissa Bischoping, senior director of security and product design research at Tanium, observed that the favorable mechanics of supply chain attacks on developer tooling allow capable crews to achieve outsized impact. She noted that the campaigns weaponized SLSA provenance attestation frameworks, indicating technical creativity, but suggested the overall pattern was indicative of mid-tier cybercrime with a strong marketing strategy. This pattern is comparable to other threat actors, such as the ransomware-as-a-service group DragonForce, which gained prominence through effective marketing rather than unparalleled technical sophistication. Charlie Eriksen, a security researcher at Aikido Security, further observed that TeamPCP’s tactics do not necessitate extreme sophistication because they leverage inherent access, noting that an individual with a publishing credential for a popular extension gains direct access to every machine running it. This highlights the realization that open source developer tooling serves as a soft target, and the group has consistently exploited this fact. Ultimately, the rise of TeamPCP reflects a broader trend where cybercriminals target user trust, as seen in attacks exploiting software prompts, and where social engineering is increasingly effective, demonstrating the realities of developer-focused supply chain security concerns. |
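The propagation the article and the summary describe (a poisoned npm component whose victims then push malicious updates into the otherwise legitimate packages they maintain, and a publishing credential acting as a direct push channel) suggests one practical check on the defender's side. This is an added example, not code from the article or from any vendor quoted in it; it assumes, as general npm behaviour not stated on the page, that such a package executes through install-time lifecycle scripts (preinstall, install, postinstall, prepare), and it audits an installed node_modules tree for packages declaring those hooks against a reviewed allowlist. The package names in the fixture are constructed.

```python
"""Audit an installed node_modules tree for install-time lifecycle hooks.
Added example, not code from the article or any Shai-Hulud research.
Assumption (general npm behaviour, not stated on the page): preinstall,
install, postinstall and prepare scripts run arbitrary code on every
`npm install`, the foothold a self-replicating package worm relies on."""
import json
import os
import tempfile

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

def find_install_hooks(node_modules):
    """Map package name -> {version, hooks} for every package declaring hooks."""
    found = {}
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        with open(os.path.join(root, "package.json"), encoding="utf-8") as fh:
            meta = json.load(fh)
        scripts = meta.get("scripts") or {}
        hooks = {k: scripts[k] for k in LIFECYCLE_HOOKS if k in scripts}
        if hooks and meta.get("name"):
            found[meta["name"]] = {"version": meta.get("version"), "hooks": hooks}
    return found

def unexpected_hooks(found, allowlist):
    """Hooked packages not on the reviewed allowlist; a new hook in an
    otherwise legitimate package is what a poisoned update looks like."""
    return {n: info for n, info in found.items() if n not in allowlist}

def build_fixture():
    """Constructed node_modules tree with fake package names (two hooked,
    one clean); point find_install_hooks at a real project in practice."""
    root = tempfile.mkdtemp()
    pkgs = {
        "plain-utils": {"version": "1.0.0", "scripts": {"test": "node test.js"}},
        "native-addon-demo": {"version": "2.1.0", "scripts": {"install": "node-gyp rebuild"}},
        "acme-ui-kit": {"version": "4.7.1", "scripts": {"postinstall": "node setup_bundle.js"}},
    }
    for name, meta in pkgs.items():
        pkg_dir = os.path.join(root, "node_modules", name)
        os.makedirs(pkg_dir)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump({"name": name, **meta}, fh)
    return os.path.join(root, "node_modules")

if __name__ == "__main__":
    hooked = find_install_hooks(build_fixture())
    for name, info in unexpected_hooks(hooked, {"native-addon-demo"}).items():
        print(f"REVIEW {name}@{info['version']}: {info['hooks']}")
```

Running installs with `npm install --ignore-scripts` and only re-enabling hooks for allowlisted packages turns the same list into an enforced policy rather than a report.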