33,000 Secrets Exposed in Shai-Hulud 2.0 Update — Lessons for Enterprise Security and NHI Management

Read full article here: https://blog.gitguardian.com/shai-hulud-2/?utm_source=nhimg

Two months after the original Shai-Hulud supply chain attack in September, threat actors have returned with “The Second Coming”, a faster, more automated, and adaptive campaign targeting developers and CI/CD pipelines. This new wave leverages the same worm-like propagation mechanism but incorporates lessons from prior mistakes, resulting in widespread exposure of secrets and enhanced exfiltration capabilities.

Key Facts

• Infected Packages: 754 npm packages across 1,700 versions
• Exposed Repositories: 20,649 publicly visible on GitHub as of November 24
• Total Secret Occurrences: 294,842
• Unique Secrets Identified: 33,185
• Validated Live Secrets: 3,760 (likely higher at time of leak)
• Targeted Platforms: GitHub, GitLab, CI/CD runners, and developer environments

Developer platforms dominate the leak: 581 GitHub Personal Access Tokens (PATs), 386 OAuth tokens, 104 Fine-Grained PATs, and 101 GitLab tokens, enabling repository access, workflow manipulation, and potential supply chain impact.

Attack Evolution Compared to Shai-Hulud 1.0

While Shai-Hulud 2.0 retained the same basic playbook (poisoned packages → local harvesting → public repo drop), it introduced several innovations:

1. Faster, Same-Day Burst: November 24 attack peaked in the morning and decayed quickly.
2. Test Infrastructure Pre-Phase: Repositories such as ewobwrkwro/new contained payloads (post-obfuscate.js, setup_bun.js) and a workflow to execute across Linux, macOS, and Windows environments.
3. Backdoor & Remote Access: Malware registers compromised machines as GitHub self-hosted runners and adds malicious workflows using GitHub Discussions as a C2 channel.
4. Exfiltration Mutualization: Malware can leverage previously created exfiltration repositories to push secrets even if the victim has no direct GitHub access.
5. Maven Mirror Impact: Some npm packages automatically mirrored into Maven, spreading the malicious payload indirectly.

Technical Breakdown of Malware Behavior

Infection & Execution

• Install-Time Payload Execution: Packages execute malicious scripts during npm install or CI/CD builds.
• Local Harvesting: Environment dumps (environment.json) and TruffleHog scans (truffleSecrets.json) collect API keys, tokens, and private credentials.
• CI/CD Compromise: About 20% of affected machines are GitHub runners, highlighting targeted pipeline infections.

Exfiltration

• GitHub Repositories as Dead-Drops: Malware creates repos with randomized 18-character names containing files:
  • cloud.json → cloud provider secrets
  • contents.json → system info and exfiltration token
  • environment.json → full environment dump
  • actionsSecrets.json → GitHub Actions secrets
  • truffleSecrets.json → local secrets detected via TruffleHog
• Duplication & Distribution: Each secret appears in ~8 locations; repositories serve as both staging and exfiltration points.

Remote Control

• Self-Hosted Runner Registration: Malware adds compromised machines as runners for executing workflows.
• Workflow Injection: Arbitrary code can be executed through malicious workflows triggered via discussions.
• Mitigation: GitHub repository deletion prevented the reuse of the remote control feature.

Impact Analysis

• Scope: Widespread across developer laptops and CI/CD pipelines
• Primary Exposure: Environment variables, local config files, API tokens, SSH keys, and CI/CD secrets
• Top Secret Types: GitHub PATs, OAuth tokens, Fine-Grained PATs, GitLab tokens
• Volume: Over 294,842 secret occurrences, 33,185 unique secrets, and 3,760 verified live secrets

The prevalence of GitHub tokens is due to their dual role: needed for malware exfiltration and inadvertently leaked in contents.json files.

Recommendations for Organizations

1. Identify Leaked Secrets:
   • Use HasMySecretLeaked or GitGuardian GGShield CLI to verify if secrets have been exposed.
   • GitGuardian customers can run queries for filenames: truffleSecrets.json, cloud.json, contents.json, environment.json, actionsSecrets.json.
2. Rotate All Credentials:
   • Replace exposed GitHub PATs, OAuth tokens, Fine-Grained PATs, GitLab tokens, CI/CD secrets, cloud keys, and SSH keys.
3. Audit CI/CD Infrastructure:
   • Check for self-hosted runners added without authorization.
   • Remove malicious workflows or workflow injection vulnerabilities.
4. Harden Developer Environments:
   • Limit dependency installation privileges.
   • Enable short-lived, scoped tokens where possible.
5. Monitor for Repository Abnormalities:
   • Watch for repositories with unusual names or containing environment dumps.
   • Investigate any unexpected commits or pushes to public repos.

Key Takeaways

• Shai-Hulud 2.0 demonstrates evolution in supply chain attacks - Threat actors learn from past campaigns, improving speed, automation, and exfiltration techniques.
• Secrets remain the weakest link in software supply chains. Effective secrets management is now mandatory, not optional.
• Multi-channel impact - Developer machines, CI/CD pipelines, and mirrored package ecosystems (npm → Maven) can all serve as vectors for widespread compromise.
• Visibility and rotation of credentials are essential to reducing blast radius in the event of future attacks.

This incident underscores the urgency of continuous secrets monitoring, credential hygiene, and CI/CD security hardening to defend modern software supply chains.