Threat Advisory

TanStack npm Packages Compromised in Mini Shai-Hulud Supply-Chain Attack

Threat: Supply Chain Attack
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY

A supply-chain attack has been detected targeting the npm ecosystem, with a focus on compromising TanStack packages. The attackers appear to be a well-organized group, with a clear goal of data theft and disruption. The attack has been linked to a large-scale campaign known as Mini Shai-Hulud, which has already compromised several other packages, including those from UiPath and Mistral AI. The compromised TanStack packages have been modified to add a suspected credential stealer targeting various CI systems, including GitHub Actions. The attack is significant due to the widespread adoption of TanStack packages and the potential for the attackers to gain access to sensitive information and disrupt critical systems.

The malware, which is disguised as an initialization module for the TanStack router package, uses a combination of credential-harvesting and worm propagation mechanisms to spread across the npm ecosystem. It can steal credentials from GitHub Actions, AWS, HashiCorp Vault, and Kubernetes, and can also republish itself to the npm registry under the stolen identity of compromised maintainers. The malware uses a heavily obfuscated JavaScript payload to hide its functionality, making it difficult to detect and analyze. It also uses a secondary decode layer to encode its process.env accesses, making it harder to identify the targeted secrets.

This attack is particularly concerning due to the ease with which it can be spread and the potential for widespread disruption. The attackers have already compromised several high-profile packages, and the malware's ability to propagate itself and steal sensitive information makes it a significant threat to organizations that rely on these packages. To mitigate this risk, organizations should immediately triage their dependencies, rotate all secrets, and implement additional security measures, such as Subresource Integrity and package lock verification. They should also monitor their npm publishing logs for any unexpected publishes and restrict OIDC token scopes in GitHub Actions workflows.

THREAT PROFILE:

Tactic              | Technique ID | Technique                              | Sub-technique
Initial Access      | T1566        | Phishing                               |
Execution           | T1204        | User Execution                         |
Defense Evasion     | T1027        | Obfuscated Files or Information        |
Defense Evasion     | T1070        | Indicator Removal                      |
Defense Evasion     | T1564        | Hide Artifacts                         |
Defense Evasion     | T1112        | Modify Registry                        |
Defense Evasion     | T1014        | Rootkit                                |
Command and Control | T1105        | Ingress Tool Transfer                  |
Command and Control | T1102        | Web Service                            |
Exfiltration        | T1041        | Exfiltration Over C2 Channel           |
Exfiltration        | T1048        | Exfiltration Over Alternative Protocol |
Impact              | T1486        | Data Encrypted for Impact              |
Impact              | T1490        | Inhibit System Recovery                |

REFERENCES:

The following report contains further technical details:

https://socket.dev/blog/tanstack-npm-packages-compromised-mini-shai-hulud-supply-chain-attack