← Back to Intel Feed Snapshot (2026-06-20)

A sophisticated supply chain campaign, attributed to the suspected threat actor TeamPCP, has simultaneously targeted the Mastra AI framework via npm, GitHub Actions CI/CD workflows, and the Arch Linux User Repository (AUR). The attack utilized dormant contributor account takeovers to poison the @mastra npm scope using the easy-day-js dependency and hijacked GitHub Action version tags to exfiltrate CI/CD credentials. Additionally, over 1,500 AUR packages were compromised with eBPF-based rootkit malware. This coordinated infrastructure, linked by the "Mini Shai-Hulud" worm, facilitates widespread code execution, credential theft, and persistent rootkit deployment across development, DevOps, and end-user Linux environments.

  • Incident Overview and Scope

    • Targeted Ecosystems: Simultaneous strikes against the npm registry (@mastra scope), GitHub Actions (DevOps pipelines), and the Arch Linux User Repository (AUR).
    • Scale of Impact: Compromise of 144 Mastra AI packages, redirection of widely-used GitHub Actions, and infection of approximately 1,500 AUR packages.
    • Coordinated Infrastructure: The campaign is unified by the "Mini Shai-Hulud" worm, linking disparate attack vectors into a single, multi-stage operation.
  • Attack Vector Mechanics

    • npm Dependency Poisoning: Attackers utilized dormant contributor account takeovers to inject malicious code into the @mastra scope, specifically leveraging the easy-day-js dependency for resolution hijacking.
    • CI/CD Tag Hijacking: Exploited actions-cool workflows by redirecting version tags, allowing the interception and exfiltration of sensitive GitHub Actions secrets.
    • Linux Kernel Exploitation: Deployed eBPF-based rootkit-like malware within the AUR to achieve stealthy, high-privilege persistence on Linux-based user environments.
  • Malware and Payload Profile

    • Shai-Hulud/Mini Shai-Hulud: A sophisticated worm/infrastructure used to bridge the gap between npm dependency poisoning and CI/CD hijacking.
    • Payload Functionality: Payloads include cross-platform cryptocurrency stealers and deep-system rootkits designed for long-term environmental persistence.
    • Evasion Techniques: Utilization of eBPF allows for kernel-level stealth, making detection via traditional user-space security tooling difficult.
  • Threat Actor Profile and Systemic Risk

    • Attribution: The complexity and coordination of the campaign strongly suggest the involvement of the TeamPCP threat group.
    • Lifecycle Compromise: The attack demonstrates an ability to compromise the entire software development lifecycle (SDLC), from AI framework development to production deployment.
    • Strategic Impact: The targeting of AI ecosystems (Mastra) and DevOps tooling (GitHub Actions) indicates a high-intent focus on modern enterprise infrastructure.
  • Defensive Recommendations

    • Supply Chain Integrity: Implement strict dependency pinning and integrity verification (e.g., SHA-256 hashes) rather than relying on floating version tags or semantic versioning.
    • CI/CD Hardening: Use immutable commit SHAs for all GitHub Actions to prevent version tag hijacking and secret exfiltration.
    • Linux Security Monitoring: Deploy eBPF-aware security monitoring to detect unauthorized kernel-level programming and anomalous system calls.

Related posts

  1. appsec.fyi — Mastra AI Framework Poisoned in npm Supply-Chain Attack
  2. microsoft.com — From package to postinstall payload: Inside the Mastra npm supply chain compromise
  3. appsec.fyi — A Forgotten Contributor Account Compromised the Entire Mastra npm Package Scope
  4. penligent.ai — Mastra npm Supply Chain Attack, What easy-day-js Did and How to Respond
  5. Hexnode Blog — Mastra npm Supply-Chain Attack Compromises 144 AI Framework Packages
  6. techjacksolutions.com — Tag Hijacking in actions-cool Workflows Exposes CI/CD Pipelines to Active Credential Exfiltration
  7. threatlocker.com — The Mastra supply chain attack wasn't about AI
  8. Labs
  9. Privacyguides
  10. Stepsecurity
  11. bleepingcomputer.com — Microsoft links Mastra AI supply chain attack to North Korean hackers
  12. techjacksolutions.com — Sapphire Sleet Escalates npm Campaign: 140+ Mastra AI Packages Weaponized to Harvest Credentials and Crypto Wallets
  13. Daily
  14. threat-modeling.com — North Korean Hackers Linked to Mastra AI Supply Chain Attack — AI/ML Ecosystem Targeted
  15. gbhackers.com — Sapphire Sleet Hijacks npm Maintainer Account to Publish Poisoned Mastra Packages
  16. Cybersecurity News — North Korean Hackers Abuse Mastra npm Supply Chain to Target Developers and CI/CD Pipelines
  17. techjacksolutions.com — Weekly Security Intelligence Briefing — Week of 2026-06-22
  18. Aiweekly
  19. Bankinfosecurity
  20. Thehackernews
  21. Orca
  22. appsec.fyi — AUR suspends new registrations as 1500-plus malicious packages flood repository
  23. Safedep
  24. Stepsecurity
  25. Neuracybintel
  26. Reddit
  27. SecurityWeek — Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages

LINK COPIED TO CLIPBOARD