Last updated 1 month ago
SAP, a German enterprise software company, was affected by a supply chain attack targeting its npm packages. The attack was publicly disclosed in April 2026; the exact discovery date is not given. The campaign distributed credential-stealing malware through npm packages into which malicious code had been inserted. Affected packages included SAP's and Intercom's npm packages and the lightning package on PyPI. The number of affected records or systems is not quantified.
The attack chain consisted of inserting malicious code into published npm packages and letting the public registry deliver it: any developer or build system that installed an affected version ran the malware. The malware, referred to as 'Mini Shai-Hulud', harvested credentials from the systems on which it ran. The initial access vector was therefore the software supply chain itself, abusing the trust placed in packages fetched from a legitimate registry. No specific threat actor or CVE is attributed in the article.
No post-incident details such as regulatory actions, litigation, ransom payments, or containment milestones are provided in the article.
Malicious npm packages in supply chain attack
The compromise of SAP's npm packages underscores the need for rigorous package integrity verification and dependency auditing in software development. Organizations must implement automated scanning of third-party dependencies for malicious code and enforce strict access controls on package publishing (for example, requiring two-factor authentication for publishes and using scoped, short-lived publishing tokens). The incident also emphasizes the importance of monitoring for anomalous package behavior, such as install-time scripts that were not present in earlier versions, and of maintaining an incident response plan tailored to supply chain threats, including credential rotation for any secrets that were present on hosts where an affected version was installed.
Company: SAP
Industry: Enterprise software
Location: Germany
Disclosed: April 2026
Records Affected: Not quantified
Attack Vector: Supply chain (malicious npm packages)