Shai-Hulud Campaign Evolution: Miasma, Hades, and AI Scanner Evasion

    Date: 06/15/2026

    Severity: Critical

    Summary

    Since November 2025, the Shai-Hulud V2 campaign has evolved significantly beyond typical software supply chain attacks. Over the last six months, the threat expanded from npm into PyPI and shifted focus from compromised maintainers to CI/CD abuse. The attackers undermined trust in SLSA provenance and OIDC-based publishing workflows without breaking cryptographic guarantees. Malicious execution was extended into IDE configuration files, and prompt injection was introduced to evade AI security scanners. ThreatLabz links early waves to TeamPCP (UNC6780), but attribution after May 12, 2026, is now less certain. On that date, the complete worm source code was publicly released under an MIT license, turning it into public attack infrastructure.

    Indicators of Compromise (IOC) List

    Domains/URLs:
        models.litellm.cloud
        https://api.anthropic.com/v1/api

    Hashes (SHA-256):
        dc48b09b2a5954f7ff79ab8a2fd80202bd3b59c08c7cdbc6025aa923cb4c0efe
        e1342a80d4b5e83d2c7c22e1e0aaa95f2d88e3dbf0d853a4994b180c93a4b17d
        c539766062555d47716f8432e73adbe3a0c0c954a0b6c4005017a668975e275c

    Files/File Paths:
        setup_bun.js
        bun_environment.js
        .github/workflows/discussion.yaml
        cloud.json
        contents.json
        environment.json
        truffleSecrets.json
        litellm_init.pth
        -setup.pth
        _index.js
        updater.py
        .claude/settings.json
        .cursor/rules/setup.mdc
        .vscode/tasks.json
        .gemini/settings.json
        oven-sh/bun/releases/download

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    domainname like "https://api.anthropic.com/v1/api" or url like "https://api.anthropic.com/v1/api" or siteurl like "https://api.anthropic.com/v1/api" or domainname like "models.litellm.cloud" or url like "models.litellm.cloud" or siteurl like "models.litellm.cloud"

    Detection Query 2:

    sha256hash IN ("e1342a80d4b5e83d2c7c22e1e0aaa95f2d88e3dbf0d853a4994b180c93a4b17d","dc48b09b2a5954f7ff79ab8a2fd80202bd3b59c08c7cdbc6025aa923cb4c0efe","c539766062555d47716f8432e73adbe3a0c0c954a0b6c4005017a668975e275c")

    Detection Query 3:

    resourcename = "Windows Security" and eventtype = "4663" and objectname In ("setup_bun.js","bun_environment.js",".github/workflows/discussion.yaml","cloud.json","contents.json","environment.json","truffleSecrets.json","litellm_init.pth","-setup.pth","_index.js","updater.py",".claude/settings.json",".cursor/rules/setup.mdc",".vscode/tasks.json",".gemini/settings.json","oven-sh/bun/releases/download")

    Detection Query 4:

    technologygroup = "EDR" and objectname In ("setup_bun.js","bun_environment.js",".github/workflows/discussion.yaml","cloud.json","contents.json","environment.json","truffleSecrets.json","litellm_init.pth","-setup.pth","_index.js","updater.py",".claude/settings.json",".cursor/rules/setup.mdc",".vscode/tasks.json",".gemini/settings.json","oven-sh/bun/releases/download")
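    As an added example (not part of the advisory and not Gurucul's own code), the following Python script applies the file-path and SHA-256 indicators behind Queries 2 and 3 directly to a checked-out repository or a developer workstation directory, for environments where Windows audit events or EDR telemetry are not available. It matches on whole path components so that a name like mycloud.json does not match cloud.json the way a substring LIKE would; the sample tree it builds is constructed and contains no real malware.

```python
import hashlib
import os
import tempfile
from pathlib import Path, PurePosixPath

# Indicators copied from the IOC list above. "oven-sh/bun/releases/download" is a
# download URL path rather than a file, so it belongs in the URL query, not here.
IOC_PATHS = (
    "setup_bun.js", "bun_environment.js", ".github/workflows/discussion.yaml",
    "cloud.json", "contents.json", "environment.json", "truffleSecrets.json",
    "litellm_init.pth", "-setup.pth", "_index.js", "updater.py",
    ".claude/settings.json", ".cursor/rules/setup.mdc", ".vscode/tasks.json",
    ".gemini/settings.json",
)
IOC_HASHES = {
    "dc48b09b2a5954f7ff79ab8a2fd80202bd3b59c08c7cdbc6025aa923cb4c0efe",
    "e1342a80d4b5e83d2c7c22e1e0aaa95f2d88e3dbf0d853a4994b180c93a4b17d",
    "c539766062555d47716f8432e73adbe3a0c0c954a0b6c4005017a668975e275c",
}
IOC_PARTS = [PurePosixPath(p).parts for p in IOC_PATHS]


def path_matches(rel_path):
    """Whole-component suffix match: nested indicators such as
    .github/workflows/discussion.yaml fire under any checkout directory."""
    parts = PurePosixPath(rel_path).parts
    return any(parts[-len(p):] == p for p in IOC_PARTS)


def scan_tree(root):
    """Walk root; return sorted (relative POSIX path, reasons) for each hit."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            reasons = ["ioc_path"] if path_matches(rel) else []
            with open(full, "rb") as f:  # hash every file against the IOC hashes
                if hashlib.sha256(f.read()).hexdigest() in IOC_HASHES:
                    reasons.append("ioc_hash")
            if reasons:
                hits.append((rel, reasons))
    return sorted(hits)


def demo_scan():
    """Constructed sample tree (no real malware): one IOC path, two benign files."""
    root = Path(tempfile.mkdtemp())
    for rel, body in [("repo/.github/workflows/discussion.yaml", b"on: discussion\n"),
                      ("repo/src/mycloud.json", b"{}"), ("repo/README.md", b"# ok\n")]:
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)
    return scan_tree(str(root))
```

    Run scan_tree() against the root of a cloned repository or a user's home directory; a hit with reason ioc_path on an IDE configuration file (.claude, .cursor, .vscode, .gemini) warrants reviewing that file's contents before the IDE next opens the project.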

    Reference:

    https://www.zscaler.com/blogs/security-research/shai-hulud-campaign-evolution-miasma-hades-and-ai-scanner-evasion

    Tags: Threat Actor, AI, Shai-hulud, Supply chain attack, TeamPCP
