Banks, Governments, and Fortune 500s Hit by Shai-Hulud 2.0 — A Wake-Up Call for Enterprises

Read full article here: https://entro.security/blog/shai-hulud-2-0-banks-gov-tech-breach/?utm_source=nhimg

Since its discovery on November 24, 2025, Shai Hulud 2.0 has been described primarily as an npm supply chain worm that spawned thousands of GitHub repositories and scraped millions of secrets into JSON files. However, this focus on where the data ended up misses the critical point: the real victims were the runtime environments, CI/CD pipelines, developer endpoints, and cloud machines themselves.

Entro researchers analyzed over 30,000 Shai Hulud 2.0 repositories and tied exfiltrated data to 1,195 organizations, spanning banks, governments, and Fortune 500 tech companies. In many cases, high-value cloud and CI credentials remained valid more than 72 hours after disclosure, underscoring the severity of the breach.

Reframing Shai Hulud 2.0: Who Was Actually Compromised

Early reports implied that GitHub repositories were the primary victims. Our analysis shows otherwise: these repos were largely aggregation and exfiltration layers, not the assets of concern.

The true impact was on runtime environments and associated credentials, including:

• Memory-resident secrets
• CI/CD pipeline variables
• Local configuration files
• Cloud service credentials

Moving forward, when we refer to “victims,” we mean the environments and organizations behind them, not the repositories used by the attackers.

Key Findings

• 1,195 organizations affected, including tech, finance, government, and healthcare
• 55.7% of victims are technology/SaaS companies
• 30,000+ attacker-controlled repositories analyzed
• Valid cloud and CI credentials observed up to 72+ hours after disclosure
• Shai Hulud 2.0 targeted CI/CD pipelines, developer endpoints, and cloud-connected machines

Attributing Compromised Machines

Before GitHub removed the attacker-controlled repositories, Entro researchers analyzed ~30,000 repos to link compromised environments to real organizations using:

• Email domains and tenant identifiers in environment variables
• Internal hostnames, service names, and URL patterns
• Verification of a subset of secrets mapped to live systems

Sector-Level Impact

The scale highlights how deeply Shai Hulud 2.0 infiltrated CI pipelines, endpoints, and cloud assets across high-value sectors.

Examples from Compromised Environments

Shai Hulud 2.0 wrote a small bundle of JSON artifacts per compromised machine:

• environment.json – runtime environment dump, often double-base64 encoded
• truffleSecrets.json – results from bundled TruffleHog scanner
• actionsSecrets.json – CI/CD secrets
• cloud.json – cloud credentials
• contents.json – system metadata

Example 1: Semiconductor Company

• Decoded environment.json revealed live GitHub Personal Access Tokens, runner tokens, internal hostnames, and compromised npm package context
• truffleSecrets.json identified MongoDB credentials on the filesystem

Example 2: Financial Services Provider

• Environment dump from GitLab CI pipeline exposed:
  • AWS secrets
  • Blockchain production tokens
  • Slack and Jira webhooks
  • GitLab personal access tokens
• Preinstall execution of compromised npm package triggered immediate credential exfiltration
• Entro platform validation confirmed 18 secrets still active three days post-disclosure

What Shai Hulud 2.0 Means for Defenders

Shai Hulud 2.0 isn’t just a GitHub repository incident—it’s a preview of how quickly supply-chain campaigns can compromise runtime environments and non-human identities.

Defenders should focus on three priorities:

1. Reduce secrets in CI/CD and developer environments
2. Treat non-human identities as managed assets with owners, scope, and rotation policies
3. Quickly answer critical questions:
   • Which secrets were exposed?
   • Which identities do they belong to?
   • Have credentials been revoked or rotated?

Any place code executes is a potential memory-dump target. Shai Hulud 2.0 demonstrates that runtime environments—not just repositories—are at risk.