TTPwire Vol. 1 · MITRE ATT&CK · Tagged

GitGuardian

A Mini Shai-Hulud Targeting the SAP Ecosystem

Guillaume Valadon · 6 days ago

ATT&CK techniques detected

3 predictions
T1567.001 Exfiltration to Code Repository
79%
“as the ones used last week in the @bitwarden/cli attack. Exfiltration infrastructure GitGuardian identified 7 commits containing exposed ghp_ tokens — all remain valid and active at 16h46 EST. The attacker used the stolen tokens to create public repositories, each named with …”
T1195.001 Compromise Software Dependencies and Development Tools
74%
“A Mini Shai-Hulud Targeting the SAP Ecosystem Earlier today, Aikido researchers detected multiple compromised Node.js packages in SAP's namespace today. The malware adapts to CI environments, steals GitHub personal access tokens, and uses them to self-propagate — a pattern…”
T1567.001 Exfiltration to Code Repository
58%
“A Mini Shai-Hulud Targeting the SAP Ecosystem Earlier today, Aikido researchers detected multiple compromised Node.js packages in SAP's namespace today. The malware adapts to CI environments, steals GitHub personal access tokens, and uses them to self-propagate — a pattern…”

Summary

7 stolen GitHub tokens. 971 repositories. A self-replicating supply chain attack targeting SAP's Node.js packages — and it's still active. Here's what GitGuardian found.