Cyber Incident Victim: SAP
Date: Apr 2026
Location: Germany
Summary
TeamPCP compromised four npm packages used in SAP's cloud application development ecosystem (@cap-js/sqlite, @cap-js/postgres, @cap-js/db-service, and mbt) by injecting malicious preinstall scripts that harvest developer and CI/CD secrets from GitHub, npm, and cloud providers and exfiltrate the data via attacker-controlled GitHub repositories. The packages were removed shortly after publication. Researchers attribute the campaign to TeamPCP based on shared tactics such as a second-stage payload that aborts on Russian-language systems and the use of a shared RSA public key to encrypt stolen data, noting similarities to prior Shai-hulud-related attacks but finding no direct link. Similar supply-chain compromises affecting the lightning PyPI package and an Intercom npm package were observed using the same tools and tradecraft.
Description
On Wednesday, April 29, 2026, four npm packages associated with SAP's Cloud Application Programming Model and Cloud MTA Build Tool were published with malicious preinstall scripts. The affected packages were @cap-js/sqlite v2.2.2, @cap-js/postgres v2.2.2, @cap-js/db-service v2.10.1 and mbt v1.2.48. Security vendors Wiz, Socket and Aikido Security detected the compromise shortly after the packages went live and noted that the packages had accumulated hundreds of thousands of weekly downloads across the SAP developer ecosystem. The malicious scripts executed a multi-stage payload designed to harvest developer and CI/CD secrets from GitHub, npm, major cloud providers, Kubernetes and local developer tooling, then exfiltrate the data to attacker-controlled GitHub repositories. The payload contained a hard-coded string reading "A Mini Shai-Hulud has Appeared," a reference to the Shai-hulud worm campaign that had targeted npm packages since September 2025. Researchers observed that the second-stage payload would halt before data exfiltration if the host system was configured for the Russian language, and that the attackers reused a shared RSA public key to encrypt stolen data, in line with prior TeamPCP operations. Although the payload echoed techniques seen in earlier Shai-hulud waves, the encryption of exfiltrated data distinguished this campaign from those earlier incidents, which had leaked secrets in the clear.

Attribution to the threat group TeamPCP was made by analysts at Aikido Security and Socket based on overlapping tradecraft, including the use of the same RSA key and similar obfuscation methods observed in previous supply‑chain attacks attributed to the group. Researchers have not definitively identified the initial access vector that allowed the malicious code to be introduced into the SAP packages, though they noted that the compromise appeared to be limited to a small number of high‑value modules rather than a broad, indiscriminate push. The compromised packages were removed from the npm registry soon after publication, limiting the window of exposure. SAP was contacted for comment by Dark Reading but did not provide a response at the time of publication.
The incident highlighted the potential for significant impact despite the limited number of poisoned packages, given the privileged access that SAP development environments often hold to source code repositories, CI/CD pipelines and cloud credentials. Socket reported that the same tools and tradecraft used in the Mini Shai‑Hulud campaign were later observed in separate supply‑chain compromises affecting the lightning PyPI package and an Intercom‑related npm package, indicating a broader operational pattern. Researchers warned that the full fallout from the campaign remained uncertain, noting that stolen secrets could be leveraged in subsequent attacks to gain further access to other projects or infrastructure. No further details regarding remediation steps taken by affected organizations were disclosed in the source material.
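The practical question for a team reading this entry is whether any of their projects pulled in one of the four poisoned versions, and more generally which installed dependencies can run code at install time at all, since a preinstall hook is the mechanism this campaign relied on. The following audit script is an added example written for this page; it is not SAP's, npm's or any vendor's tooling. It checks an npm lockfile (v1 or v2/v3 layout) against the package@version pairs named above and lists every installed package that declares a preinstall, install or postinstall script. The lockfile and manifest contents embedded in the block are constructed sample data, and the package names `harmless-dep` and `sample-dep` are placeholders.

```python
"""Audit an npm project for the Mini Shai-Hulud package versions and for
install-time lifecycle scripts. Added example; sample data is constructed."""
import json
import os

# Package@version pairs named in the incident description above.
COMPROMISED = {
    ("@cap-js/sqlite", "2.2.2"),
    ("@cap-js/postgres", "2.2.2"),
    ("@cap-js/db-service", "2.10.1"),
    ("mbt", "1.2.48"),
}

# Lifecycle hooks npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def lockfile_packages(lock):
    """Yield (name, version) for every dependency in a parsed package-lock.json.

    Lockfile v2/v3 keys a flat "packages" map by install path such as
    "node_modules/express/node_modules/@cap-js/sqlite"; the package name is
    everything after the last "node_modules/". Lockfile v1 nests a
    "dependencies" tree instead, which is walked iteratively.
    """
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if not path:  # "" is the root project entry, not a dependency
                continue
            yield path.rsplit("node_modules/", 1)[-1], meta.get("version")
    else:
        stack = [lock.get("dependencies", {})]
        while stack:
            for name, meta in stack.pop().items():
                yield name, meta.get("version")
                if "dependencies" in meta:
                    stack.append(meta["dependencies"])


def find_compromised(lock):
    """Return the sorted (name, version) pairs from the lockfile that match
    the known-bad set. An empty list means none of the four versions is pinned."""
    return sorted(p for p in lockfile_packages(lock) if p in COMPROMISED)


def find_install_hooks(manifests):
    """Given {package_name: parsed package.json}, return (name, hook, command)
    for every install-time script declared, regardless of whether the package
    is known-bad: each one is code that runs on every developer and CI machine."""
    hits = []
    for name, pkg in manifests.items():
        scripts = pkg.get("scripts") or {}
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                hits.append((name, hook, scripts[hook]))
    return hits


def load_installed_manifests(node_modules_dir):
    """Read every package.json under node_modules (including nested copies)
    into {name: manifest}; later duplicates of a name overwrite earlier ones."""
    manifests = {}
    for root, _dirs, files in os.walk(node_modules_dir):
        if "package.json" in files:
            with open(os.path.join(root, "package.json"), encoding="utf-8") as fh:
                try:
                    pkg = json.load(fh)
                except ValueError:
                    continue  # skip malformed manifests rather than abort the audit
            if isinstance(pkg, dict) and pkg.get("name"):
                manifests[pkg["name"]] = pkg
    return manifests


# Constructed sample lockfile (v3 layout) for a stand-alone run.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/@cap-js/sqlite": {"version": "2.2.2"},
        "node_modules/@cap-js/db-service": {"version": "2.10.1"},
        "node_modules/express": {"version": "4.19.2"},
        "node_modules/express/node_modules/some-dep": {"version": "0.3.1"},
    },
}

# Constructed sample manifests; "sample-dep" declares a preinstall hook.
SAMPLE_MANIFESTS = {
    "harmless-dep": {"name": "harmless-dep", "version": "1.0.0", "scripts": {"test": "jest"}},
    "sample-dep": {"name": "sample-dep", "version": "0.1.0", "scripts": {"preinstall": "node setup.js"}},
}


if __name__ == "__main__":
    # Use the real project files when present, otherwise the constructed samples.
    lock = SAMPLE_LOCK
    manifests = SAMPLE_MANIFESTS
    if os.path.exists("package-lock.json"):
        with open("package-lock.json", encoding="utf-8") as fh:
            lock = json.load(fh)
    if os.path.isdir("node_modules"):
        manifests = load_installed_manifests("node_modules")
    for name, version in find_compromised(lock):
        print(f"KNOWN-BAD: {name}@{version}")
    for name, hook, cmd in find_install_hooks(manifests):
        print(f"INSTALL HOOK: {name} {hook}: {cmd}")
```

Run it from the project root; with a real `package-lock.json` and `node_modules` present it audits those, otherwise it runs against the embedded samples. A match on the known-bad set should be treated as a credential-exposure event for every machine that ran `npm install` with that lockfile, since the payload harvested GitHub, npm and cloud secrets rather than only affecting the build. The install-hook listing is the longer-term control: npm's `ignore-scripts=true` setting in `.npmrc` prevents these hooks from running at all, and the list shows which packages would need to be explicitly allowed afterwards.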
