# TeamPCP Escalates Supply Chain Attacks with 'Mini Shai-Hulud' Campaign Targeting SAP npm Ecosystem


TeamPCP has compromised multiple npm packages for SAP's cloud application development stack, marking a significant expansion of the threat actor's supply chain attack operations and demonstrating the continued vulnerability of enterprise software supply chains.


## The Threat


Researchers have identified a new supply chain attack campaign in which the infamous threat actor TeamPCP has successfully compromised npm packages used by developers building applications on SAP's cloud platform. The attack, dubbed "Mini Shai-Hulud," represents a calculated escalation of TeamPCP's existing supply chain tactics and reveals a sophisticated understanding of how to infiltrate widely-used development dependencies targeting enterprise customers.


The compromised packages were discovered in the SAP Cloud Application Programming Model (CAP) ecosystem, which is used by thousands of developers building cloud-native applications on SAP's BTP (Business Technology Platform). The attack demonstrates that supply chain threats are no longer limited to small, overlooked libraries—they now directly target dependencies within enterprise development frameworks.


## Background and Context


### TeamPCP's Attack History


TeamPCP has established itself as a prolific threat actor specializing in supply chain attacks over the past 18-24 months. The group has demonstrated:


  • Sophisticated targeting: Focus on widely-used, dependency-heavy packages with significant downstream impact
  • Patient approach: Long-term package maintenance to build trust before payload injection
  • Evasion techniques: Use of obfuscation, delayed execution, and environment-aware payloads
  • Broad scope: Attacks spanning multiple ecosystems including npm, Python, and Ruby

    • Previous TeamPCP campaigns have affected hundreds of thousands of downstream consumers, with some estimates suggesting exposure to millions of developers indirectly.


    ### Why SAP Matters


    SAP is one of the world's largest enterprise software vendors, with systems running critical business processes for over 400,000 organizations globally. The SAP BTP cloud platform hosts applications managing:


  • Financial transactions and accounting
  • Supply chain and inventory management
  • Human resources and payroll
  • Customer relationship management

    • An attack on the SAP development ecosystem means potential compromise of applications that directly impact enterprise operations and sensitive business data.


    ## Technical Details: The 'Mini Shai-Hulud' Attack Mechanism


    The "Mini Shai-Hulud" attack employs several sophisticated techniques:


    ### Attack Vector


    | Phase | Technique | Purpose |

    |-------|-----------|---------|

    | Injection | Obfuscated JavaScript in package.json scripts | Execute code during npm install |

    | Detection Evasion | Environment checks; skip execution in CI/CD detection | Avoid triggering automated security scanning |

    | Payload Staging | Two-stage download from attacker infrastructure | Retrieve actual malicious code after installation |

    | Persistence | Modify build artifacts and configuration files | Ensure payload remains in deployed application |

    | Exfiltration | Harvest environment variables and configuration | Extract credentials and API keys |


    ### How It Works


    When a developer installs an affected package via npm install, the malicious code executes during the installation phase through npm's postinstall scripts. The payload:


    1. Checks the environment – determines if it's running in an automated security scanning environment, CI/CD pipeline, or a legitimate development machine

    2. Avoids detection – if detected as a security tool, the script exits cleanly without executing malicious code

    3. Downloads second-stage payload – connects to attacker-controlled infrastructure to retrieve the actual malicious code

    4. Harvests credentials – extracts environment variables containing API keys, authentication tokens, and database credentials

    5. Modifies build output – injects malicious code into compiled application artifacts


    The sophistication of environment detection is notable—TeamPCP has implemented checks for common security tools, CI/CD platforms, and containerized environments, demonstrating awareness of modern development practices.


    ## Scope and Impact


    ### Affected Packages


    The attack targeted packages within the SAP CAP framework, which includes:


  • @sap/cds – Core CAP runtime
  • @sap/cloud-sdk-core – Cloud SDK dependencies
  • Related utility packages used in application scaffolding

    • Researchers confirmed compromises in at least 5-7 versions of popular SAP packages, with distribution through npm's public registry for several weeks before detection.


    ### Downstream Exposure


    The impact cascades through the SAP ecosystem:

  • Direct developers: Thousands of SAP BTP developers who installed affected versions
  • Enterprise applications: Potentially hundreds of applications deployed with compromised dependencies
  • Business data: Access to credentials enabling lateral movement within SAP environments

    • Early estimates suggest 5,000-10,000 development environments were likely compromised, with hundreds of production deployments potentially affected.


    ## Implications for Organizations


    ### Immediate Risks


    Credential compromise: Developers routinely store SAP BTP credentials, database passwords, and API keys as environment variables. An attacker obtaining these credentials gains direct access to enterprise systems.


    Supply chain persistence: Unlike traditional malware, supply chain compromises persist in the build artifacts and are deployed to production systems, making them difficult to detect and remove.


    Lateral movement: Compromised applications provide attackers with a foothold inside SAP environments, enabling them to move laterally across interconnected systems.


    ### Broader Implications


    This attack underscores a critical vulnerability in modern software development:


  • Dependency explosion: Enterprise applications depend on hundreds of transitive dependencies, making it impossible to audit all code
  • Trust assumptions: Developers implicitly trust that npm packages are legitimate, yet verification is minimal
  • Automated supply chain attacks scale: Once a package is compromised, the attack automatically reaches all downstream consumers

    • ## Detection and Response


    The attack was discovered through:

  • Behavioral monitoring by security researchers identifying suspicious network connections
  • Artifact analysis revealing injected code in deployed applications
  • Timeline correlation between package installation and credential exfiltration

    • Organizations affected by this campaign should:


    1. Audit npm package installations – review package-lock.json and yarn.lock files for affected versions

    2. Rotate all credentials – any secrets stored as environment variables during the compromise window must be considered exposed

    3. Review access logs – check SAP BTP audit logs for unauthorized access using harvested credentials

    4. Scan deployed artifacts – analyze production applications for injected malicious code

    5. Update immediately – SAP has released patched versions of all affected packages


    ## Recommendations


    ### For Development Teams


  • Implement dependency pinning – pin exact versions rather than ranges to prevent automatic installation of compromised versions
  • Use npm audit and supply chain scanning – integrate tools like Snyk, Dependabot, and npm-check-updates into CI/CD pipelines
  • Review package provenance – verify that packages are maintained by official authors, especially for enterprise frameworks
  • Isolate credentials – never store production credentials in environment variables accessible to build processes; use vault services instead
  • Monitor build logs – flag any unusual network activity or environment variable access during installation

    • ### For Security and Operations Teams


  • Conduct incident investigation – determine if your organization installed affected packages and which systems may be compromised
  • Implement runtime monitoring – deploy endpoint detection and response (EDR) solutions to identify suspicious process execution
  • Increase monitoring of SAP systems – elevate alerting for unusual authentication patterns and data access
  • Coordinate with SAP support – engage with SAP security incident response if compromise is confirmed

    • ### For Enterprise Risk Management


  • Re-evaluate third-party risk – supply chain attacks now represent one of the highest-impact attack vectors for enterprise organizations
  • Implement Zero Trust for development – reduce assumptions about the trustworthiness of development tooling and dependencies
  • Plan for supply chain resilience – build capabilities to rapidly detect and respond to dependency-based attacks

    • ## Conclusion


    The TeamPCP "Mini Shai-Hulud" campaign represents a maturation of supply chain attack tactics—moving from targeting obscure packages to directly compromising frameworks used by enterprise development teams. The attack's sophistication, evasion techniques, and scale demonstrate that software supply chains have become a critical security frontier.


    Organizations using SAP's cloud platform should treat this incident with urgency. The combination of compromised credentials and access to enterprise systems creates substantial risk that extends far beyond the affected npm packages themselves.