Executive Summary
In May 2026, the threat actor TeamPCP launched a sophisticated supply chain attack known as the Mini Shai-Hulud campaign, compromising over 170 npm and PyPI packages, including those from TanStack, Mistral AI, UiPath, OpenSearch, and Guardrails AI. The attackers injected obfuscated JavaScript files into these packages, which, upon execution, profiled the environment and deployed credential-stealing malware targeting cloud providers, cryptocurrency wallets, AI tools, messaging apps, and CI systems. The stolen data was exfiltrated to attacker-controlled domains, and the malware established persistence in development environments by integrating with IDEs like Visual Studio Code. This incident underscores the escalating threat of supply chain attacks, particularly those targeting widely used open-source packages. The use of self-propagating malware that exploits developer environments highlights the need for enhanced security measures in software development pipelines. Organizations must remain vigilant, regularly audit their dependencies, and implement robust monitoring to detect and mitigate such sophisticated attacks.
Why This Matters Now
The Mini Shai-Hulud campaign exemplifies the growing sophistication of supply chain attacks, emphasizing the urgent need for organizations to fortify their software development processes against such threats.
Attack Path Analysis
TeamPCP initiated a supply chain attack by compromising npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI, embedding obfuscated JavaScript to execute credential-stealing malware. The malware escalated privileges by harvesting sensitive credentials, including cloud provider keys and CI/CD secrets. Utilizing the stolen credentials, the attackers moved laterally to access additional systems and repositories. They established command and control by exfiltrating data to attacker-controlled domains and GitHub repositories. Exfiltrated data included cloud credentials, cryptocurrency wallets, and AI tool secrets. The impact resulted in unauthorized access to sensitive data and potential propagation of the malware through compromised repositories.
Kill Chain Progression
Initial Compromise
Description
TeamPCP compromised npm and PyPI packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI, embedding obfuscated JavaScript to execute credential-stealing malware.
Related CVEs
CVE-2026-45321
CVSS 9.6
A supply chain attack in TanStack's npm packages allows attackers to execute arbitrary code via a malicious JavaScript file, leading to credential theft and potential further compromise.
Affected Products:
TanStack TanStack npm packages – 42 packages and 84 versions
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Supply Chain Compromise: Compromise Software Dependencies and Development Tools
Obfuscated Files or Information
Command and Scripting Interpreter: JavaScript
System Information Discovery
Application Layer Protocol: Web Protocols
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure the integrity of software and scripts
Control ID: 6.3.2
NYDFS 23 NYCRR 500 – Application Security
Control ID: 500.08
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA ZTMM 2.0 – Supply Chain Risk Management
Control ID: 3.1
NIS2 Directive – Supply Chain Security
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Direct supply chain compromise of popular npm packages affects software development workflows, requiring immediate dependency audits and enhanced package validation controls.
Information Technology/IT
TeamPCP's Mini Shai-Hulud worm targeting development packages creates significant risk for IT infrastructure through compromised open-source dependencies and toolchains.
Financial Services
Supply chain attacks on development packages pose critical risk to financial applications, requiring enhanced zero trust segmentation and egress security controls.
Health Care / Life Sciences
Compromised npm packages threaten HIPAA compliance through potential data exfiltration vulnerabilities in healthcare applications using affected TanStack and similar dependencies.
Sources
- Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI & More Packages: https://thehackernews.com/2026/05/mini-shai-hulud-worm-compromises.html (Verified)
- Supply Chain Attack Affecting Numerous npm and PyPI Packages: https://digital.nhs.uk/cyber-alerts/2026/cc-4781 (Verified)
- Security advisories | Mistral Docs: https://docs.mistral.ai/resources/security-advisories (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is relevant to this incident as it could likely reduce the attacker's ability to move laterally and exfiltrate data by enforcing strict segmentation and identity-aware access controls.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The CNSF would likely limit the malware's ability to communicate with unauthorized services, reducing the scope of credential theft.
Control: Zero Trust Segmentation
Mitigation: Zero Trust Segmentation would likely constrain the malware's ability to escalate privileges by limiting access to sensitive credentials.
Control: East-West Traffic Security
Mitigation: East-West Traffic Security would likely reduce the attacker's ability to move laterally by enforcing strict access controls between workloads.
Control: Multicloud Visibility & Control
Mitigation: Multicloud Visibility & Control would likely limit the attacker's ability to establish command and control channels by monitoring and controlling outbound traffic.
Control: Egress Security & Policy Enforcement
Mitigation: Egress Security & Policy Enforcement would likely reduce the attacker's ability to exfiltrate sensitive data by enforcing strict outbound traffic policies.
The overall impact would likely be reduced by limiting unauthorized access and preventing malware propagation through strict segmentation and access controls.
Impact at a Glance
Affected Business Functions
- Software Development
- Continuous Integration/Continuous Deployment (CI/CD)
- Cloud Infrastructure Management
Estimated downtime: 7 days
Estimated loss: $500,000
Potential exposure of developer credentials, cloud service tokens, and sensitive source code repositories.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to restrict access between workloads and limit lateral movement.
- Enforce Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing unauthorized data exfiltration.
- Deploy Multicloud Visibility & Control to detect and respond to anomalous activities across cloud environments.
- Utilize Threat Detection & Anomaly Response to identify and mitigate credential harvesting and unauthorized access attempts.
- Apply Inline IPS (Suricata) to inspect and block malicious payloads during package installation.
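The dependency audit that the Executive Summary and the Computer Software/Engineering note call for can start from the lockfile. The following is an added example, not code from the original page or from any vendor named on it: it checks an npm v2/v3 `package-lock.json` against exact name@version pairs. Every package name and version in it is a constructed placeholder, because the page does not list the affected versions.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) against exact
// name@version pairs from an advisory. All names/versions are constructed.

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Return every installed copy, nested ones included, that matches the advisory.
function findCompromised(lockfile, advisory) {
  const bad = new Set(advisory.map((e) => `${e.name}@${e.version}`));
  const hits = [];
  for (const [lockPath, meta] of Object.entries(lockfile.packages || {})) {
    if (lockPath === "") continue; // root project entry
    // Aliased installs carry the real name in "name"; otherwise use the path.
    const name = meta.name || nameFromLockPath(lockPath);
    if (!name || !meta.version) continue; // links have no version
    if (bad.has(`${name}@${meta.version}`)) {
      hits.push({ name, version: meta.version, path: lockPath });
    }
  }
  return hits;
}

// Constructed lockfile excerpt: the top-level copy is clean, a nested copy
// and an aliased copy are not.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@example-scope/router": { version: "2.0.0" },
    "node_modules/ui-kit": { version: "5.1.0" },
    "node_modules/ui-kit/node_modules/@example-scope/router": { version: "2.0.1" },
    "node_modules/table-legacy": { name: "example-table", version: "3.4.1" },
  },
};

// Constructed advisory entries; in practice copy these from the vendor advisory.
const SAMPLE_ADVISORY = [
  { name: "@example-scope/router", version: "2.0.1" },
  { name: "example-table", version: "3.4.1" },
];

for (const f of findCompromised(SAMPLE_LOCK, SAMPLE_ADVISORY)) {
  console.log(`COMPROMISED ${f.name}@${f.version} at ${f.path}`);
}
```

Reading the committed lockfile rather than `node_modules` means the check runs without installing or executing any package code.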



