Microsoft has published comprehensive guidance addressing the Shai-Hulud 2.0 supply chain attack, one of the most significant cloud-native ecosystem compromises observed in recent months.
The campaign represents a sophisticated threat that exploits the trust inherent in modern software development workflows by targeting developer environments, CI/CD pipelines, and cloud-connected workloads to harvest sensitive credentials and configuration secrets.
The Shai-Hulud 2.0 campaign builds on previous supply chain compromises but introduces enhancements in automation, propagation speed, and targeting breadth.
Threat actors injected malicious code through the preinstall lifecycle hook of hundreds of npm packages; because npm runs this hook automatically during installation, the payload executes before a project's tests or security checks ever run against the dependency.
Particularly concerning is the compromise of maintainer accounts for widely used projects, including Zapier, PostHog, and Postman, demonstrating the attackers’ ability to infiltrate trusted development infrastructure.
Stolen credentials are then exfiltrated to public, attacker-controlled GitHub repositories, where they remain exposed for reuse in follow-on compromises.
How the Shai-Hulud 2.0 Attack Works
The attack relies on a preinstall script, setup_bun.js, declared in the compromised packages' package.json files.
When executed, this script checks for an existing Bun binary (an alternative JavaScript runtime comparable to Node.js) and installs it if absent.
Bun then executes the bundled malicious payload (bun_environment.js), which downloads and installs a GitHub Actions Runner archive and creates a new GitHub repository with a runner agent named SHA1HULUD.
The archive includes TruffleHog, a credential scanning tool, alongside the Runner.Listener executables, which are used to query the host for stored credentials and to retrieve cloud credentials.
Microsoft Defender detected the campaign early through multiple alerts, including suspicious usage of the shred command on hidden files and the dedicated Sha1-Hulud Campaign Detected alert.
Notably, some commits to the newly created repositories were authored under the name “Linus Torvalds,” showing how the attackers used fake personas to disguise their activity and underscoring the importance of verifying commit signatures in development environments.
Mitigations
For immediate mitigation, Microsoft recommends that organizations review Key Vault assets for unauthorized access, rapidly rotate and revoke exposed credentials, isolate affected CI/CD agents or workspaces, and prioritize high-risk attack paths to reduce further exposure.
Organizations should also remove unnecessary roles and permissions from the identities assigned to CI/CD pipelines, with particular attention to Key Vault access controls.
For npm maintainers specifically, Microsoft advises adopting trusted publishing in place of traditional access tokens, requiring two-factor authentication for all write and publish actions, and preferring WebAuthn over time-based one-time passwords (TOTP) as the 2FA method.
Additionally, enabling cloud-delivered protection and automatic sample submission in Microsoft Defender Antivirus, together with attack surface reduction rules, helps block emerging threats of this kind.
Microsoft Defender XDR customers gain access to detection coverage across endpoints, identities, email, and apps, along with customized hunting queries to identify compromise indicators.
Microsoft Security Copilot integration enables automated incident response and investigation workflows specific to this threat.
For organizations using Microsoft Defender for Cloud, connecting DevOps environments through Azure DevOps, GitHub, or GitLab integrations provides code repository mapping capabilities essential for investigating supply chain incidents.
The Shai-Hulud 2.0 campaign illustrates why traditional network defenses are insufficient against attacks embedded in trusted package workflows.
A layered defense-in-depth approach that combines code security, posture management, and runtime protection, and that correlates telemetry across endpoint behavior, container activity, and runtime anomalies, lets security teams identify compromised devices rapidly, flag suspicious packages, and contain threats before they propagate.
Organizations should immediately assess their npm package dependencies and implement the recommended hardening measures.
Indicators of compromise
| Indicator | Type | Description | First seen | Last seen |
|---|---|---|---|---|
| setup_bun.js | File name | Malicious script that installs the Bun runtime | November 24, 2025 | December 1, 2025 |
| bun_environment.js | File name | Script that facilitates credential gathering and exfiltration | November 24, 2025 | December 1, 2025 |
