The Rise of Shai-Hulud: Evolution of a Supply Chain Threat from Package Compromise to Multi-Ecosystem Propagation

    Date: 06/26/2026

    Severity: High

    Summary

    Software supply-chain attacks have evolved from isolated package compromises into sophisticated campaigns targeting developer ecosystems through credential theft, repository compromise, and CI/CD abuse. The Shai-Hulud activity cluster and its evolution into Mini Shai-Hulud demonstrate this shift, culminating in the modular Miasma framework for multi-ecosystem propagation. This report analyzes the evolution of these campaigns and provides a technical breakdown of Miasma's architecture, credential harvesting, and propagation mechanisms. 

    Indicators of Compromise (IOC) List

    Hash:

    6331d1511783dcb1158fb54775f563e90399b3a2a81a584d3cba9a77f63d15a7

    58215f1d737443fd782f91c57ec10ad58109a96470054707fc6bfd6358abe468

    3f3f42d072bd36860ab7bd7fb5e10ac0d22c741c13c89505ccd6ec0ea572eea7

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    sha256hash IN ("3f3f42d072bd36860ab7bd7fb5e10ac0d22c741c13c89505ccd6ec0ea572eea7","6331d1511783dcb1158fb54775f563e90399b3a2a81a584d3cba9a77f63d15a7","58215f1d737443fd782f91c57ec10ad58109a96470054707fc6bfd6358abe468")

    Reference:   

    https://gurucul.com/blog/the-rise-of-shai-hulud-evolution-of-a-supply-chain-threat-from-package-compromise-to-multi-ecosystem-propagation/ 


    Tags

    Malware, Gurucul, Supply chain attack, Credential Harvesting, Shai-hulud, Node Package Manager (NPM), GitHub
