
TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
Why It Matters
Compromising high‑value SAP development tools gives attackers a foothold in enterprise environments, exposing critical cloud and CI/CD secrets that can cascade into broader breaches. The incident underscores the growing risk of targeted supply‑chain attacks on enterprise‑grade open‑source components.
Key Takeaways
- TeamPCP compromised four SAP npm packages with malicious pre‑install scripts.
- Packages receive over 500,000 weekly downloads, exposing many SAP developers.
- Attack harvests GitHub, npm, cloud, and CI/CD credentials for further exploitation.
- Researchers suspect a misconfigured CircleCI token as initial access vector.
- SAP issued a security note; affected packages were removed promptly.
Pulse Analysis
Supply‑chain attacks have evolved from broad, low‑value hits to precision strikes on enterprise‑grade software, and the Mini Shai‑Hulud campaign exemplifies this shift. By targeting SAP’s Cloud Application Programming Model and the MTA Build Tool, TeamPCP infiltrated a niche yet critical segment of the developer ecosystem. These packages, integral to building and deploying SAP cloud applications, enjoy hundreds of thousands of weekly downloads, meaning a single compromised version can silently infect countless CI pipelines and developer workstations. The attackers’ multistage payload not only exfiltrates credentials but also encrypts the stolen data, complicating detection and response.
Technical analysis reveals that the malicious scripts execute during the npm install phase, immediately harvesting tokens and API keys from the host environment. Researchers traced the initial breach to a likely exposed CircleCI token within the SAP/cloud-mta-build-tool repository, a classic example of credential leakage in automated pipelines. Once in possession of publishing tokens, the group can publish further compromised packages, creating a cascading effect across ecosystems. The payload’s design to terminate on Russian‑language systems suggests a targeted evasion strategy, while the use of a shared RSA key for encryption aligns with TeamPCP’s previous operations.
For enterprises, the incident highlights the necessity of rigorous supply‑chain hygiene. Organizations should audit lockfiles, enforce token least‑privilege policies, and rotate all credentials after any suspected compromise—not just npm tokens. Implementing automated scanning for pre‑install scripts and monitoring for anomalous publishing activity can provide early warnings. As threat actors continue to refine their tactics, a proactive, defense‑in‑depth approach to open‑source dependencies will be essential to safeguard the integrity of critical enterprise platforms like SAP.