The TeamPCP threat group's ongoing Shai-Hulud supply chain attack campaign has claimed another wave of victims. A newly disclosed "Mini Shai-Hulud" operation targeted SAP-related npm packages, PyTorch Lightning, and Intercom client libraries — a combined set of packages downloaded nearly 10 million times per month — compromising approximately 1,800 organizations in the process.
What Is the Shai-Hulud Campaign?
Shai-Hulud is an extended supply chain attack operation attributed to TeamPCP, a threat group that has been active across multiple high-profile incidents in 2026. The campaign takes its name from the enormous sandworm creatures in Frank Herbert's Dune — a reference to the way the attacks tunnel silently through the software supply chain before surfacing to strike.
Previous Shai-Hulud operations targeted developer tooling, security scanning infrastructure, and CI/CD pipelines. The "Mini" designation for this latest wave reflects a more targeted scope compared to earlier, broader operations — but the impact remains significant given the download volumes of the affected packages.
Compromised Packages
The attack poisoned three distinct npm package ecosystems:
SAP npm Packages
SAP-related npm libraries used for integration with SAP enterprise systems were among those compromised. These packages are common in enterprise environments running SAP ERP, S/4HANA, or related SaaS products, giving attackers access to high-value corporate environments.
PyTorch Lightning
PyTorch Lightning is a widely used machine learning framework built on top of PyTorch, popular in research and production AI/ML pipelines. Compromising it exposes both research institutions and commercial AI teams.
Intercom Client
The Intercom client library is used by SaaS companies to embed customer messaging functionality into their products. Poisoning it gives attackers a foothold in the environments of both the companies using Intercom and potentially their end customers.
Together, the three package sets represent a monthly download volume of nearly 10 million installs — meaning malicious versions, even if live for a short window, could have propagated widely before detection.
Attack Methodology
As with other Shai-Hulud operations, TeamPCP likely compromised the npm accounts of maintainers through credential theft or social engineering, then published malicious versions of legitimate packages. The malicious versions include credential-stealing implants that exfiltrate authentication tokens, API keys, and environment secrets from build pipelines and developer machines where the packages are installed.
The attack follows a now-established playbook:
- Compromise maintainer credentials via phishing or credential stuffing
- Publish malicious package versions that appear legitimate
- Harvest secrets from CI/CD pipelines, developer machines, and cloud environments that install the package
- Establish persistence in compromised environments for follow-on attacks
Scale of Impact
Approximately 1,800 organizations are believed to have installed one or more of the compromised package versions. Given the enterprise nature of SAP integrations and the wide adoption of Intercom, victims likely span multiple sectors including finance, healthcare, SaaS, and manufacturing.
This incident follows the earlier April 2026 SAP-related supply chain attack — reported on CosmicBytez Labs as the TeamPCP Mini Shai-Hulud SAP packages story — confirming that the group continues to refine and expand its targeting of enterprise software supply chains.
Detection and Response
Organizations should immediately:
- Audit npm lock files — Check package-lock.json or yarn.lock for affected package versions published after suspicious dates
- Rotate all secrets — Any credentials, tokens, or API keys accessible from environments where these packages were installed should be considered compromised and rotated immediately
- Review CI/CD logs — Look for unexpected outbound network connections or data exfiltration from build pipelines
- Pin package versions — Until the situation is fully resolved, pin to known-good versions and verify checksums against trusted sources
- Enable npm audit — Run npm audit and cross-reference against published advisories for the affected packages
Broader Supply Chain Security Concerns
The Mini Shai-Hulud operation is the latest in a year of escalating supply chain attacks targeting the npm ecosystem. From the Axios npm compromise linked to North Korean threat actors in early April, to the PyTorch Lightning and Intercom poisonings disclosed today, the pattern is clear: the software supply chain is a primary attack surface in 2026.
Organizations relying on open-source packages — which is to say, virtually all modern software teams — must invest in dependency auditing, package integrity verification, and rapid secret rotation capabilities as baseline security practices.