TeamPCP Targets SAP In High Value Open Source Package Breach

Open Source Supply Chain Attack On SAP Npm Packages By TeamPCP Highlights Precision Targeting Of Enterprise Developer Ecosystems

A targeted open source attack by TeamPCP compromised SAP npm packages to steal developer secrets and infiltrate enterprise pipelines, signalling a shift towards precision supply chain threats.

A targeted open source supply chain attack has hit SAP’s developer ecosystem, with cybercrime group TeamPCP compromising multiple npm packages using a “Mini Shai-Hulud” campaign. The attackers injected malicious preinstall scripts into widely used packages, enabling automatic execution upon installation.

The affected packages—@cap-js/sqlite (v2.2.2), @cap-js/postgres (v2.2.2), @cap-js/db-service (v2.10.1), and mbt (v1.2.48)—are integral to SAP’s Cloud Application Programming Model (CAP) and Cloud MTA Build Tool (MBT), making them high-value targets within enterprise CI/CD pipelines.

According to Wiz researchers, “The campaign leverages a multistage payload to harvest developer and CI/CD secrets across GitHub, npm, and major cloud providers, and exfiltrates the data via attacker-controlled GitHub repositories. It also contains code designed to propagate via compromised tokens.”

The packages, with hundreds of thousands of weekly downloads, offered attackers significant reach. “Instead of spreading across many random packages, this one hit SAP… the potential value of each compromised environment can be very high,” said Raphael Silva.

The attack is attributed to TeamPCP based on shared tradecraft, including RSA-based encryption and multi-stage payloads, and follows earlier compromises of open source tools such as Trivy and KICS. While references to earlier Shai-Hulud attacks exist, Wiz noted no confirmed linkage.

Researchers suggest a misconfigured CircleCI pipeline exposing npm tokens as a possible entry point, though not the sole cause. Similar techniques have also surfaced in attacks on PyPI and npm packages, indicating expanding scope.

Compromised packages were removed, with organisations urged to audit dependencies and rotate all credentials.
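A dependency audit of the kind recommended above, as an added example that is not part of the original article or of any SAP or Wiz tooling: it walks an npm package-lock.json (lockfile v2/v3), flags any entry pinned to one of the compromised versions named in the article, and lists every package that npm marks with its `hasInstallScript` field, since those are the packages whose preinstall/install/postinstall hooks run automatically on `npm install` and are the surface this campaign abused. The lockfile content is constructed for the demo, not a real project.

```python
import json
from typing import Dict, List, Set, Tuple

# Compromised versions named in the article (SAP CAP and MBT packages).
AFFECTED: Dict[str, Set[str]] = {
    "@cap-js/sqlite": {"2.2.2"},
    "@cap-js/postgres": {"2.2.2"},
    "@cap-js/db-service": {"2.10.1"},
    "mbt": {"1.2.48"},
}

def package_name(path: str) -> str:
    """Map a lockfile 'packages' key such as 'node_modules/@cap-js/sqlite'
    or 'node_modules/a/node_modules/b' (nested install) to the package name."""
    return path.rsplit("node_modules/", 1)[-1]

def audit_lockfile(lock: dict) -> Tuple[List[str], List[str]]:
    """Return (compromised, install_hooks): entries pinned to a known
    compromised version, and entries npm marks with hasInstallScript, i.e.
    packages whose lifecycle scripts execute during install and should be
    reviewed (or blocked with --ignore-scripts) before they are trusted."""
    compromised, install_hooks = [], []
    for path, meta in lock.get("packages", {}).items():
        if not path:            # "" is the root project itself, not a dependency
            continue
        name, version = package_name(path), meta.get("version", "")
        if version in AFFECTED.get(name, set()):
            compromised.append(f"{name}@{version}")
        if meta.get("hasInstallScript"):
            install_hooks.append(f"{name}@{version}")
    return compromised, install_hooks

# Constructed sample lockfile: one compromised pin, one clean version of an
# affected package, and an unrelated package that also runs an install hook.
SAMPLE_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@cap-js/sqlite": {"version": "2.2.2", "hasInstallScript": true},
    "node_modules/@cap-js/db-service": {"version": "2.9.0"},
    "node_modules/some-native-addon": {"version": "0.4.1", "hasInstallScript": true}
  }
}""")

if __name__ == "__main__":
    bad, hooks = audit_lockfile(SAMPLE_LOCK)
    print("compromised pins:", bad)
    print("install hooks to review:", hooks)
```

A hit in the first list means the environment that installed it should be treated as exposed and its GitHub, npm and cloud credentials rotated; the second list is the set of packages worth reviewing before allowing `npm install` to run scripts in CI.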
