InfoSec Briefing - May 21, 2026

🎧 Audio Briefing

Playback Speed:

Cyber security developments for Thursday the 21st of May 2026 covering articles added to the BlueTeamSec community on infosec.pub. Today we have 3 articles to cover. All attribution is by the article authors. All article analysis is automated.

Microsoft have written up Storm-2949, a campaign that compromised IT personnel and senior leadership through social engineering targeting password resets and MFA approval flows. The attackers registered their own MFA devices for persistence, then escalated privileges across Azure to exfiltrate data from Key Vault, storage accounts, and Microsoft 365 — one for incident responders working in cloud-heavy environments.

Ox Security flagged four malicious npm packages in a typo-squatting campaign inspired by TeamPCP's Shai-Hulud malware and apparently part of a supply chain competition on BreachForums. The packages functioned as infostealers and DDoS botnets, racking up nearly three thousand weekly downloads before detection. Meanwhile, Socket documented a much larger attack — Mini Shai-Hulud — which compromised maintainer accounts and injected malicious payloads into 639 versions across 323 npm packages, targeting the @antv ecosystem and other widely-used libraries like echarts-for-react. The goal was exfiltrating secrets from developer machines and CI/CD pipelines, and the scale is considerable given the download counts involved.

That concludes today's briefing.

📰 Articles Covered

How Storm-2949 turned a compromised identity into a cloud-wide breach - Microsoft

The recent campaign by the threat actor **Storm-2949** represents a sophisticated, multi-layered attack that successfully escalated a single compromised identity into a broad, cloud-wide data exfiltration event 【1】.

### What Happened
Storm-2949 utilized targeted social engineering to compromise user identities, specifically focusing on IT personnel and senior leadership 【1】. By abusing the **Self-Service Password Reset (SSPR)** process, the attackers tricked users into approving fraudulent multifactor authentication (MFA) prompts. Once access was gained, they registered their own devices for MFA, ensuring persistent control 【1】.

The attackers then pivoted through the organization's Azure environment, leveraging privileged **Azure RBAC** permissions to access sensitive resources, including **Azure Key Vault**, **App Services**, **SQL servers**, and **Storage accounts**, ultimately exfiltrating large volumes of data 【1】【1】.

### Who Is Affected
The primary targets were organizations utilizing **Microsoft 365** and **Azure-hosted production environments** 【1】. Specifically, users with administrative or privileged access—such as IT staff and senior leadership—were deliberately targeted to facilitate lateral movement and privilege escalation 【1】.

### Security Implications
* **Identity Compromise:** The abuse of SSPR and MFA registration demonstrates that even standard security controls can be bypassed through human-centric social engineering 【1】.
* **Blast Radius Expansion:** By accessing Key Vault, the attackers obtained credentials that allowed them to move from auxiliary services to high-value production applications 【1】.
* **Defense Evasion:** The attackers actively worked to hide their tracks by disabling security services, clearing logs, and manipulating firewall rules to facilitate exfiltration while minimizing detection 【1】【1】.

### Technical Details
* **Persistence:** The attackers installed the **ScreenConnect** RMM tool on virtual machines, masquerading it as legitimate system software and disabling **Microsoft Defender Antivirus** protections 【1】.
* **Management Plane Abuse:** Storm-2949 invoked operations like `microsoft.Web/sites/publishxml/action` to retrieve publishing profiles and `microsoft.Storage/storageAccounts/listkeys/action` to obtain SAS tokens and account keys 【1】【1】.
* **Exfiltration:** Data was exfiltrated using custom Python scripts that leveraged the Azure SDK to programmatically download blobs 【1】.

### What Defenders Should Know
* **Identity Hardening:** Implement **phishing-resistant MFA** for all privileged accounts and enforce **Conditional Access policies** based on device compliance and trusted locations 【1】.
* **Least Privilege:** Regularly audit **Azure RBAC** roles to ensure users only have the permissions necessary for their roles, specifically restricting access to sensitive management-plane operations 【1】.
* **Resource Protection:** Use **private endpoints** for Azure Storage and Key Vault to disable public network access, and enable features like **purge protection** and **immutable storage** to prevent unauthorized data modification or deletion 【1】.
* **Monitoring:** Utilize **Microsoft Defender XDR** and **Azure Monitor** to hunt for suspicious patterns, such as unauthorized firewall rule changes or unusual API calls to management-plane operations 【1】.
New Actors Deploy Shai-Hulud Clones: TeamPCP Copycats Are Here - www.ox.security

A recent supply chain attack has been identified involving the distribution of four malicious `npm` packages, which appear to be part of a typo-squatting campaign targeting developers 【1】.

### What Happened
A single threat actor uploaded four malicious packages to the `npm` registry, likely inspired by a recent open-source release of the "Shai-Hulud" malware by TeamPCP and a related supply chain attack competition on BreachForums 【1】. The packages are designed to function as infostealers, with one specifically acting as a DDoS botnet 【1】.

### Who Is Affected
Any developer or system that has installed these packages is considered compromised 【1】. The affected packages include:
- `@deadcode09284814/axios-util`
- `axois-utils`
- `chalk-tempalte`
- `color-style-utils`

These packages have seen a combined total of 2,678 weekly downloads 【1】.

### Security Implications
The malware is highly invasive, with capabilities that vary by package. Compromised machines may have the following data exfiltrated:
- IP addresses and environment variables 【1】
- Cloud configurations and cryptocurrency wallets 【1】
- System control, as one variant turns the victim's machine into a DDoS botnet capable of flooding targets with HTTP, TCP, UDP, and Reset requests 【1】【1】

### Technical Details
- **Shai-Hulud Clone:** The `chalk-tempalte` package is a direct, minimally modified clone of the Shai-Hulud source code, utilizing the attacker's own Command and Control (C2) server and private key 【1】.
- **Persistence:** The malware includes persistence logic to ensure it remains on the target machine even after the `npm` package is uninstalled 【1】.
- **Botnet Infrastructure:** The DDoS component, referred to as a "phantom bot," utilizes a local service written in `GoLang` to communicate with its C2 server 【1】.

### What Defenders Should Know
To mitigate the risk of these packages, defenders and developers should take the following steps:
- **Immediate Remediation:** Uninstall the malicious packages and rotate all keys on any machine where they were installed 【1】.
- **Clean Environments:** Search for and remove malicious configurations from IDEs and coding agents (e.g., Claude Code) 【1】.
- **Threat Hunting:** Scan GitHub repositories for the string "A Mini Sha1-Hulud has Appeared" to identify potential exposure 【1】.
- **Network Security:** Block network access to unknown or suspicious domains that may be associated with these C2 servers 【1】.
Active Supply Chain Attack Compromises @antv Packages on npm... - socket.dev

The **Mini Shai-Hulud** supply chain attack recently compromised 639 versions across 323 unique npm packages, primarily targeting the **@antv** ecosystem 【1】【1】.

### What Happened
Attackers compromised maintainer accounts to publish malicious versions of popular packages in a rapid, automated wave 【1】【1】. The attack utilized automated scripts to inject malicious payloads into legitimate packages, bump their versions, and republish them under the compromised maintainer's identity 【1】.

### Who Is Affected
The breach heavily impacted the **@antv** namespace, including widely used packages such as:
- `@antv/g2`, `@antv/g6`, `@antv/x6`, `@antv/l7`, `@antv/s2`, `@antv/f2`, `@antv/g`, `@antv/g2plot`, `@antv/graphin`, and `@antv/data-set` 【1】.
- Other affected packages include `echarts-for-react` (with ~1.1 million weekly downloads), `timeago.js`, `size-sensor`, and `canvas-nest.js` 【1】【1】.
- Additional packages under the `@lint-md`, `@openclaw-cn`, and `@starmind` namespaces were also compromised 【1】.

### Security Implications
The malware is designed to exfiltrate high-value development secrets from developer machines and CI/CD environments 【1】. Stolen data includes:
- **Credentials:** GitHub tokens, npm tokens, AWS credentials, Kubernetes service-account material, Vault tokens, and SSH/private keys 【1】.
- **Environment Data:** Docker authentication files and database connection strings 【1】.
- **Persistence:** The malware can validate stolen npm tokens to hijack further packages, creating a self-propagating cycle of compromise 【1】.

### Technical Details
- **Execution:** The payload is triggered during installation via a `preinstall` hook added to the `package.json` file: `"preinstall":"bun run index.js"` 【1】.
- **Exfiltration:** Data is sent to a remote HTTPS endpoint (`t[.]m-kosche[.]com`) or exfiltrated via a GitHub-based fallback mechanism that commits stolen data to a `results/` directory in a repository created under the victim's account 【1】【1】.
- **CI/CD Awareness:** The malware contains specific logic to target a wide range of CI/CD platforms, including GitHub Actions, GitLab CI, Jenkins, CircleCI, and many others 【1】.

### What Defenders Should Know
- **Audit Dependencies:** Organizations using the affected packages should immediately audit their environments for unauthorized `preinstall` scripts and verify the integrity of their dependency tree 【1】.
- **Secret Rotation:** If any affected packages were installed in environments containing sensitive credentials, those secrets (especially npm and GitHub tokens) should be considered compromised and rotated immediately 【1】.
- **Monitor CI/CD:** Security teams should monitor for unusual repository creation activity or unexpected commits to GitHub repositories, which may indicate the malware's fallback exfiltration mechanism is active 【1】.