The Supply Chain as Entry Point: Why the Attack on SAP Packages Is Not a Niche Problem

On 1 May 2026, security researchers confirmed what many had dismissed as a theoretical risk: the SAP development packages mbt and @cap-js – downloaded almost ten million times per month combined – had been seeded with a malicious component. The so-called "Mini Shai-Hulud" campaign had injected a malicious preinstall hook into the packages, which retrieved and executed platform-specific binaries from GitHub on every developer installation.

Not a hypothetical attack scenario. Not a zero-day on an obscure system. The SAP Cloud Application Programming Model – the foundation of modern DACH enterprise development on SAP BTP.

This is an escalation moment.

The Campaign in Context

Mini Shai-Hulud is not an isolated incident. It is the sharpest point so far in a sustained attack series against software supply chains that has been accelerating in intensity and sophistication since mid-2025.

September 2025: 20 packages with two billion weekly downloads compromised. A phishing attack against maintainer Joshua Junon enabled the takeover of widely used npm packages including chalk, ansi-regex, and color-convert. The attack went undetected for days – not because it was technically flawless, but because no one was actively monitoring.

September 2025: A self-replicating worm infected over 180 npm packages. The attack injected code that automatically compromised further packages on each publication and harvested developer credentials via TruffleHog scanning.

February 2026: PyTorch Lightning versions 2.6.2 and 2.6.3 compromised. Hidden payload directories executed code whenever the framework initialised – on the systems of thousands of ML developers worldwide.

April–May 2026: Ruby Gems and Go modules from the "BufferZoneCorp" account smuggled credential theft, CI pipeline manipulation, and persistent SSH access into popular developer tools.

May 2026: Mini Shai-Hulud – core SAP packages affected.

The trajectory from 2025 to 2026 is unambiguous: attackers have recognised the value of developer infrastructure and are systematically shifting their focus from endpoints to tooling.

Three Attack Patterns DACH Decision-Makers Need to Understand

1. Preinstall Hook Attacks on Trusted Packages

The Mini Shai-Hulud pattern is particularly insidious: a malicious preinstall hook – code executed automatically during npm install – activates the payload before the developer has done anything at all. No click, no file opened, no interaction required. Installation alone is sufficient.

For SAP development environments, this means: every CI/CD pipeline referencing mbt or @cap-js without integrity verification would have executed malicious code at the time of compromise – automatically, invisibly, on privileged build servers.

2. Maintainer Compromise as a Scalable Attack Surface

The attack against Josh Junon in September 2025 illustrates that it is often more efficient for attackers to compromise a trusted person than a system. A maintainer account with write access to twenty packages is more valuable than a zero-day – and cheaper to obtain.

npm and GitHub have responded with mandatory 2FA, short-lived tokens, and OpenID Connect-based trusted publishing. These measures help. They do not protect retroactively and are not a substitute for independent supply chain governance within organisations.

3. AI-Generated Malware Lowers the Entry Threshold

The North Korean PromptMink campaign documented for the first time what security researchers had feared: AI-generated code – specifically Claude-generated malware in npm packages such as @validate-sdk/v2 – enables professionally crafted attacks by actors who previously lacked the technical capability. Famous Chollima, a group associated with North Korea, is deploying these tools in active campaigns.

The gap between a state-sponsored APT and a poorly resourced attacker is narrowing. The result: more attackers, higher attack density, harder to attribute.

Why This Is Different for DACH Companies

SAP is not just any software vendor. SAP is the backbone of the DACH enterprise landscape. Over 80 percent of German DAX companies run on SAP. The Mittelstand – mechanical engineering, automotive, chemicals, pharmaceuticals – uses SAP ERP in its most critical processes: production, finance, procurement, HR.

SAP BTP and the Cloud Application Programming Model (@cap-js) are the strategic development platform through which these companies are today extending and modernising their SAP system landscapes. A compromised @cap-js package in a development environment means: malicious code runs on infrastructure with access to SAP systems.

This is not a worst-case scenario. This was the state of the Mini Shai-Hulud campaign until the packages were removed from the registry.

And most organisations would not have noticed.

What NIS2 Requires in This Context

The NIS2 Directive, which had to be transposed into German law by October 2024, contains explicit requirements for supply chain security. Article 21 obliges affected entities to implement measures addressing the security of the supply chain, including security-related aspects of the relationships between each entity and its direct suppliers and service providers.

This is not abstract. In concrete terms, it means:

• Software dependencies are suppliers. An organisation classified as important or critical under NIS2 that exercises no control over its build dependencies is in demonstrable breach of its duty of care.
• Documentation obligations. Companies must be able to demonstrate what measures they have taken to audit their software supply chain.
• Management liability. Directors and board members are personally liable for serious failures – up to ten million euros or two percent of global annual turnover.

A supply chain incident caused by an unvetted npm dependency is, in this context, not a technical problem. It is a management liability event.

Three Measures with Concrete Effect

Introduce Software Composition Analysis and SBOMs

A Software Bill of Materials – a structured inventory of all software dependencies – is the foundation of any supply chain governance. SBOMs enable compromised packages to be identified in real time and removed from CI/CD pipelines.

Tools such as Dependabot, Snyk or OWASP Dependency-Track can be integrated into existing build systems. The implementation effort is manageable; the demonstrable compliance posture toward regulators is substantial.

A structured Compliance Sprint establishes in four weeks the procedural and documentary foundation that NIS2 requires for supply chain security – including an SBOM process and policies for third-party software.

Audit M&A Targets for Software Supply Chain Risk

When you acquire a company, you also acquire its build infrastructure, its CI/CD pipelines, and its dependency landscape. The question "which npm packages does the target reference?" sounds technical; it is financial.

A compromised development system in an acquisition target can generate substantial reputational and liability exposure post-closing – particularly if the target qualifies as a critical or important entity under NIS2 in the DACH region.

A professional M&A Cyber Due Diligence Audit today explicitly includes an assessment of software supply chains. The 2026 attack pattern makes this a requirement, not an option.

Continuous Security Leadership Instead of Reactive Patch Management

The attack wave of recent months demonstrates that the question is not whether a dependency will be compromised, but when – and whether the organisation will detect it in time. That requires continuous monitoring, clear escalation processes, and someone who is accountable.

A vCISO Mandate gives organisations exactly that: strategic security leadership that understands the threat landscape, integrates supply chain risks into the ongoing ISMS, and is capable of acting immediately when an incident occurs – without the fixed cost of a full-time CISO.

The Core Finding

The Mini Shai-Hulud campaign is not the endpoint of this development. It is a data point on a curve that has been trending consistently upward since 2025. Attackers have understood that developer infrastructure is the weakest link in modern security architectures – because it carries high privileges, is rarely monitored, and is implicitly treated as trusted by organisations.

SAP packages with ten million monthly downloads are not a niche product. They are the core of DACH enterprise software development.

The question every IT leader and executive in the DACH region should be asking today is not: "Could we be affected?" The question is: "Would we have noticed?"

---

Woodlands Advisory helps DACH companies secure their software supply chains demonstrably – from SBOM implementation and NIS2-compliant processes to strategic security leadership. If you would like to assess your current exposure, speak with us.

Schedule an initial consultation →