APT / THREAT GROUP
Shai-Hulud
2
aliases
Last seen:Mar 17, 2026
Intelligence Profile
A Javascript-based worm propagating through GitHub repositories and exfiltrating tokens and other credentials.
Threat Analysis
Shai-Hulud is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Shai-Hulud
Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
The Hacker News· Jun 26, 2026
GitHub dismissed security reports on flaws now exploited by supply-chain worm, researchers say
The Record· Jun 16, 2026
Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks
SecurityWeek· Jun 9, 2026
Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer
The Hacker News· Jun 9, 2026
New Shai-Hulud attack trojanizes 19 science-focused PyPI packages
BleepingComputer· Jun 8, 2026
TeamPCP Supply Chain Campaign: Activity Through 2026-06-07, (Mon, Jun 8th)
SANS ISC· Jun 8, 2026
Supply Chain Attack Hits 32 Red Hat NPM Packages
SecurityWeek· Jun 2, 2026
Red Hat npm packages compromised to steal developer credentials
BleepingComputer· Jun 1, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases2
Also Known As
Shai-Huludjs.shai_hulud
External Intelligence
Malpedia: js.shai_huludResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.