Four widely-used SAP npm packages — collectively downloaded over 572,000 times per week — were compromised on April 29, 2026, with credential-stealing malware that silently exfiltrated developer tokens, cloud secrets, and CI/CD pipeline credentials. Dubbed "Mini Shai-Hulud" by Wiz researchers, the campaign represents one of the most targeted software supply chain attacks against the SAP ecosystem to date, and carries direct implications for every Saudi financial institution running SAP-based core banking or ERP systems.

What Happened: The Mini Shai-Hulud Attack Chain

Between 09:55 UTC and 12:14 UTC on April 29, threat actors published poisoned versions of four official SAP npm packages: @sap/cds v7.9.0, @cap-js/db-service v2.10.1, @cap-js/postgres v2.2.2, and @cap-js/sqlite v2.2.2. These packages are core components of SAP's Cloud Application Programming (CAP) model, the framework SAP recommends for building cloud-native enterprise applications on the Business Technology Platform (BTP).

The attackers injected malicious preinstall scripts into each package. When a developer ran npm install, the script executed silently — before the legitimate package code even loaded — and harvested a comprehensive set of secrets from the build environment. The stolen data included npm and GitHub tokens, SSH keys, AWS access keys, Azure service principal credentials, GCP service account keys, Kubernetes configs, and any secrets exposed as environment variables in GitHub Actions runners.

Exfiltration was routed through a GitHub-based command-and-control channel, allowing the stolen credentials to blend with normal developer traffic to GitHub APIs and evade network-based detection. The malicious versions were live for approximately three hours before SAP deprecated them from the npm registry, but automated CI/CD pipelines running during that window were particularly vulnerable.

Attribution and Threat Actor Profile

Wiz researchers attributed the campaign with medium confidence to TeamPCP, a threat group previously linked to supply chain attacks against Trivy (the container vulnerability scanner), Checkmarx developer tools, and Bitwarden password manager extensions. TeamPCP specializes in compromising developer toolchains rather than end-user applications, targeting the exact point where a single poisoned dependency can cascade across hundreds of production deployments. Their consistent pattern involves injecting preinstall hooks into popular packages, harvesting CI/CD secrets, and using those secrets to pivot deeper into victim organizations' cloud infrastructure.

Why Saudi Financial Institutions Are Particularly Exposed

SAP is the backbone of enterprise resource planning across Saudi Arabia's banking and insurance sectors. Most SAMA-regulated institutions operate SAP S/4HANA for core financial processing, SAP SuccessFactors for HR, and increasingly SAP BTP for cloud-native microservices and API integrations. Development teams at these institutions routinely consume SAP npm packages in their Node.js-based middleware, integration layers, and custom Fiori applications.

The SAMA Cyber Security Framework (CSCC) mandates under Domain 3 (Cyber Security Operations and Technology) that institutions implement secure software development lifecycle (SSDLC) practices, including dependency integrity verification. Similarly, the NCA Essential Cybersecurity Controls (ECC 2:2024) under Subdomain 2-7 (Application Security) require organizations to validate the integrity of third-party components before deployment. A supply chain compromise of this nature — where official, trusted packages are weaponized — directly tests whether these controls are implemented or merely documented.

The compounding risk factor is CI/CD pipeline exposure. Saudi banks that have modernized their DevOps workflows often grant GitHub Actions runners access to production cloud credentials for automated deployments. If a compromised SAP package executed in such a pipeline, the attacker would have harvested credentials with direct access to production banking infrastructure — turning a developer tool compromise into a potential core banking breach.

Practical Recommendations for CISOs and Development Teams

  1. Audit your npm lock files immediately. Search your package-lock.json and CI build logs for the specific compromised versions: @sap/cds@7.9.0, @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, and @cap-js/sqlite@2.2.2. If any were installed between April 29 and May 1, treat the environment as compromised and rotate all exposed credentials.
  2. Enforce package pinning and integrity checks. Use npm ci instead of npm install in CI pipelines to enforce lock file integrity. Enable npm's --ignore-scripts flag by default and whitelist preinstall scripts only for verified packages. Configure package-lock.json integrity hashes (SHA-512) and fail builds on mismatches.
  3. Implement a private registry proxy. Deploy Artifactory, Nexus, or Verdaccio as an internal npm registry that caches approved package versions. Configure quarantine policies that hold new package versions for automated scanning before making them available to developers. This creates a buffer against zero-hour supply chain poisoning.
  4. Rotate all CI/CD secrets on a schedule. SAP-consuming pipelines should rotate GitHub tokens, cloud provider credentials, and npm publish tokens quarterly at minimum. Use short-lived, scoped tokens (GitHub's fine-grained personal access tokens, AWS STS temporary credentials) rather than long-lived secrets.
  5. Deploy runtime supply chain monitoring. Tools like Socket.dev, Snyk, and Semgrep can detect anomalous behavior in npm preinstall scripts — such as network calls, file system reads outside the package directory, or environment variable enumeration — before execution. Integrate these into your CI gates.
  6. Map this incident to your SAMA CSCC controls. Use this event as a tabletop exercise to test your Incident Response (Domain 4) and Third-Party Security (Domain 6) controls. Document which CSCC sub-controls would have detected or prevented the compromise, and close any gaps identified.

The Broader Trend: Developer Infrastructure as the New Attack Surface

Mini Shai-Hulud is not an isolated incident. The 2026 threat landscape has seen a dramatic escalation in attacks targeting developer infrastructure: the Grafana GitHub Actions breach exposed an entire codebase through CI/CD manipulation, the node-ipc npm package was weaponized with destructive payloads, and the VS Code Marketplace was infiltrated with a trojanized Nx Console extension. Attackers have recognized that compromising a single developer dependency can yield access to thousands of downstream production environments — making supply chain attacks far more efficient than traditional perimeter exploitation.

For Saudi financial institutions operating under SAMA and NCA oversight, this trend demands a fundamental shift in how software supply chain risk is governed. The traditional model of trusting packages from official registries is no longer sufficient. Every dependency must be treated as an untrusted input — verified, sandboxed, and monitored — with the same rigor applied to any other third-party vendor accessing critical financial systems.

Conclusion

The Mini Shai-Hulud campaign is a wake-up call for every organization that builds on SAP's cloud ecosystem. With 572,000 weekly downloads across the affected packages, the blast radius of even a three-hour compromise window is substantial. Saudi financial institutions that rely on SAP for core operations must treat supply chain integrity as a board-level risk, not a DevOps implementation detail.

Is your organization prepared? Contact Fyntralink for a complimentary SAMA Cyber Maturity Assessment that includes a full review of your software supply chain security posture against SAMA CSCC and NCA ECC requirements.