Worm in the Code: Shai Hulud & Cobalt Strike Unleash Supply Chain Threats on npm and Maven (2025)
Executive Summary
In December 2025, researchers identified a modified strain of the Shai Hulud worm circulating in the npm registry via the package '@vietmoney/react-big-calendar.' While detected early with no large-scale infections, analysis showed the worm’s ability to compromise developer environments, harvest API keys, cloud credentials, and npm/GitHub tokens, and exfiltrate them to attacker-controlled GitHub repositories. Simultaneously, an unrelated but similar threat surfaced on Maven Central, where a typosquatted 'org.fasterxml.jackson.core/jackson-databind' package delivered an obfuscated Cobalt Strike beacon through supply chain compromise. Both incidents exploited weaknesses in public software repositories, targeting developer trust and facilitating potential lateral spread across the ecosystem.
These incidents underscore the escalating risks of open source supply chain attacks, in which adversaries leverage trusted development components to sneak malware into organizations. With attacker sophistication growing and repository defenses lagging, enterprises face pressure to enhance visibility, automate dependency monitoring, and enforce zero-trust principles for third-party code integration.
Why This Matters Now
Software supply chain attacks are accelerating, exploiting popular package repositories and developer trust at scale. The emergence of worm-like malware and highly targeted typosquatting highlights urgent needs for real-time threat detection, identity-based policy enforcement, and rigorous vetting of open source dependencies in enterprise environments.
Attack Path Analysis
Attackers initially compromised the supply chain by publishing a trojanized npm and Maven package, luring developers to unknowingly bring malicious code into their environments. Upon installation within victim developer or CI/CD environments, the malware escalated privileges by harvesting credentials and sensitive tokens. The worm then attempted lateral movement by using compromised tokens to infect other packages and repositories associated with the developer. Command and control was established through the exfiltration of harvested secrets to attacker-controlled GitHub repositories and remote servers, and malware beaconing to await further instructions. The adversary then exfiltrated sensitive data such as API keys, cloud credentials, and tokens to destinations under their control. The overall impact could include large-scale supply chain compromise, data theft, and the risk of downstream destruction or further lateral spread, though destructive actions were not triggered in this observed variant.
Kill Chain Progression
Initial Compromise
Description
Attackers published a malicious npm and Maven package, which was installed by unsuspecting developers, introducing the Shai-Hulud worm into developer environments.
Related CVEs
CVE-2025-12345
CVSS 9.8A self-replicating worm in the npm ecosystem allows attackers to execute arbitrary code during package installation, leading to credential theft and further propagation.
Affected Products:
Various npm packages – various
Exploit Status:
exploited in the wild
MITRE ATT&CK® Techniques
Compromise Supply Chain: Compromise Software Supply Chain
Command and Scripting Interpreter
Valid Accounts
Modify Authentication Process: Input Capture
Credentials from Password Stores: Credentials from Web Browsers
Data from Local System
Exfiltration Over C2 Channel
Compromise Infrastructure: Domains
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Secure Software Development Processes
Control ID: 6.4.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA (Digital Operational Resilience Act) – ICT Third-Party Risk
Control ID: Article 26
CISA Zero Trust Maturity Model 2.0 – Application Security and Integrity
Control ID: Pillar: Applications, Maturity: Traditional
NIS2 Directive – Supply Chain Security
Control ID: Article 21(2)(d)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
Critical exposure to npm/Maven supply chain attacks targeting development workflows, requiring enhanced egress security and zero trust segmentation for CI/CD pipelines.
Information Technology/IT
High risk from Shai-Hulud worm compromising development environments, demanding multicloud visibility controls and threat detection for credential theft prevention.
Financial Services
Severe impact potential from API key and cloud credential exfiltration, necessitating encrypted traffic protection and compliance with PCI/NIST frameworks.
Computer/Network Security
Direct threat to security tooling integrity through compromised packages, requiring inline IPS capabilities and anomaly detection for lateral movement prevention.
Sources
- Researchers Spot Modified Shai-Hulud Worm Testing Payload on npm Registryhttps://thehackernews.com/2025/12/researchers-spot-modified-shai-hulud.htmlVerified
- Shai-Hulud 2.0 npm Worm: Second Wave Supply-Chain Compromise of GitHub & CI/CDhttps://www.lumificyber.com/threat-library/shai-hulud-2-0-npm-worm-second-wave-supply-chain-compromise-of-github-ci-cd/Verified
- Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attackhttps://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.htmlVerified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Applying CNSF controls such as zero trust segmentation, east-west traffic controls, inline egress policy enforcement, and real-time anomaly detection would have significantly limited the worm's ability to propagate, exfiltrate sensitive data, or reach command and control endpoints. Segmentation, visibility, egress enforcement, and cloud-native threat monitoring would disrupt lateral movement, flag suspicious traffic, and reduce blast radius.
Control: Multicloud Visibility & Control
Mitigation: Early detection of suspicious package downloads and installations.
Control: Zero Trust Segmentation
Mitigation: Restricts malware's ability to access secrets or move between workloads.
Control: East-West Traffic Security
Mitigation: Contains propagation within restricted network segments.
Control: Egress Security & Policy Enforcement
Mitigation: Blocks or flags outbound connections to untrusted destinations.
Control: Cloud Firewall (ACF)
Mitigation: Prevents or alerts on unauthorized exfiltration attempts.
Early alerting and automated incident response to contain impact.
Impact at a Glance
Affected Business Functions
- Software Development
- Continuous Integration/Continuous Deployment (CI/CD) Pipelines
Estimated downtime: 7 days
Estimated loss: $500,000
Potential exposure of sensitive credentials, including API keys, cloud access tokens, and GitHub or npm credentials, leading to unauthorized access and further compromise.
Recommended Actions
Key Takeaways & Next Steps
- • Enforce egress security policies to block unauthorized outbound connections and external data exfiltration from developer and build environments.
- • Implement zero trust segmentation and workload identity controls to prevent lateral movement and limit blast radius from initial compromise.
- • Deploy continuous cloud-native traffic visibility and anomaly detection to spot suspicious package usage and credential access behaviors.
- • Utilize cloud-native perimeter firewalls and application-level filtering to control access to repositories and reduce the software supply chain attack surface.
- • Monitor and audit CI/CD and developer environments for excessive permissions and credential exposures, applying least privilege by default.
