This presentation analyzes the Shai Hulud malware campaign, a self-replicating NPM supply chain worm that targets the JavaScript and TypeScript ecosystems and directly threatens CI/CD pipelines in the Dutch public sector, including the Judiciary. The second wave of the attack, active since late November 2025, moves execution to the preinstall phase and uses the Bun runtime to evade traditional controls, which means systems are compromised as soon as dependencies are resolved, before builds, tests, or scanners run.
Shai Hulud combines credential theft, worm-like propagation, and a destructive wiper. The malware abuses a dropper script, setup_bun.js, which silently installs Bun and launches a large obfuscated payload, bun_environment.js. This payload weaponizes the TruffleHog security tool to harvest cloud keys, GitHub tokens, and NPM credentials, then uses the stolen NPM tokens to republish trojanized packages and infect the wider ecosystem. At the same time, it registers infected machines as GitHub Actions self-hosted runners, creating persistent remote execution footholds inside internal networks.
A critical feature is the “dead man’s switch” wiper. When the malware can no longer reach GitHub or NPM and cannot propagate, it attempts to shred the user’s home directory on Linux and macOS or wipe the user profile on Windows. This turns a supply chain compromise into a potential sabotage event, with severe consequences for developer workstations, build agents, and release pipelines.
For the Dutch Judiciary and broader public sector, the risk profile is classified as critical. Exfiltrated secrets can expose cloud environments, private repositories, infrastructure as code, and internal package registries, which in turn enables lateral movement and internal worm propagation. Any successful infection is likely to qualify as a significant incident under NIS2 and triggers strict reporting obligations, as well as scrutiny against BIO v1.2 controls for secure development and supplier relationships.
The advisory proposes a phased response. Immediate containment focuses on an anti-wiper protocol that suspends suspicious processes instead of simply disconnecting machines, followed by reimaging from known-good images and aggressive credential rotation. Short-term remediation enforces dependency pinning, npm ci, registry cleanup, and removal of rogue runners and workflows. Strategic hardening introduces strict egress controls, quarantined private registries, OIDC-based publishing to eliminate long-lived NPM tokens, ephemeral CI runners, network segmentation, and SBOM-driven supply chain observability. Together, these measures move the organization from reactive patching to a resilient, sovereignty-aware supply chain defense.