Supply Chain Attack Campaign Targets Tech and AI Firms

A coordinated supply chain attack campaign has compromised software packages belonging to several prominent technology and artificial intelligence companies, including TanStack, Mistral AI, and Guardrails AI. The activity has been attributed to a threat actor known as TeamPCP.

Security researchers have linked TeamPCP to a string of recent supply chain breaches targeting the npm and PyPI package repositories. The operation, referred to as the Mini Shai-Hulud campaign, has affected packages from TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI, among others.

Compromised Packages and Malicious Payload

The affected npm packages were modified to include an obfuscated JavaScript file named “router_init.js”. This file is designed to profile the execution environment of the system where the package is installed. The profiling activity is used to gather information about the target before potentially deploying further malicious actions.

The campaign represents a broad targeting of widely used open source components. The inclusion of packages from both development tools and artificial intelligence platforms indicates a strategic focus on high value software supply chains.

Attack Methodology

The threat actor employed a technique known as dependency confusion or package squatting to insert the malicious code into legitimate package updates. Once installed, the obfuscated script collects system data and communicates with a command and control server.

Security analysts note that the use of obfuscation in “router_init.js” is intended to evade detection by automated security tools and manual code review processes. The script does not immediately execute harmful payloads, but instead assesses the target environment to determine the best course of action.

Implications for Software Supply Chain Security

This incident highlights the ongoing risks associated with third party dependencies in modern software development. The compromise of packages from multiple well known organizations demonstrates the scalability of supply chain attacks when threat actors gain access to maintainer accounts or inject code into trusted repositories.

Organizations using the affected packages are advised to audit their dependencies immediately. Security teams should check for the presence of the “router_init.js” file or any unauthorized modifications to package files. Restoring packages from verified prior versions is recommended until the extent of the compromise is fully understood.

The attack also underscores the need for stronger verification mechanisms for open source package updates. Two factor authentication for package maintainers and automated integrity checks have been suggested as baseline defenses against such campaigns.
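The two recommendations above, auditing installed dependencies for the “router_init.js” indicator and running an automated integrity check, can be combined in one local scan. The script below is an added example written for this article, not code from any of the affected vendors or from the researchers cited. It assumes an npm project whose package-lock.json uses the lockfile v2/v3 "packages" map (keys of the form "node_modules/<name>"), and it builds a throwaway sample project with one clean package and one tampered package so it runs offline; the package names and versions in that sample are constructed for the demo.

```python
"""Added example (not from the article): audit an npm project's installed
dependencies for the indicator named in the article (a file called
router_init.js) and for packages whose installed version does not match
the version pinned in package-lock.json.

Assumptions (not from the article): package-lock.json uses the lockfile
v2/v3 "packages" map keyed by "node_modules/<name>", and node_modules/
sits in the project root. All sample data below is constructed for the demo.
"""
import json
import os
import tempfile
from pathlib import Path

INDICATOR_FILENAME = "router_init.js"  # file name reported in the article


def find_indicator_files(node_modules: Path) -> list[str]:
    """Return paths (relative to node_modules) of every file named router_init.js."""
    hits = []
    for root, _dirs, files in os.walk(node_modules):
        for name in files:
            if name == INDICATOR_FILENAME:
                hits.append(os.path.relpath(os.path.join(root, name), node_modules))
    return sorted(hits)


def find_lockfile_drift(project_root: Path) -> list[tuple[str, str, str]]:
    """Compare versions pinned in package-lock.json with what is actually installed.

    Returns (package name, locked version, installed version) for each mismatch;
    the installed version is "<missing>" when the package directory is absent.
    A mismatch means the tree was changed outside the lockfile and needs review.
    """
    lock = json.loads((project_root / "package-lock.json").read_text())
    drift = []
    for key, meta in lock.get("packages", {}).items():
        if not key.startswith("node_modules/"):
            continue  # the "" key is the root project entry; skip it
        pkg_json = project_root / key / "package.json"
        installed = "<missing>"
        if pkg_json.exists():
            installed = json.loads(pkg_json.read_text()).get("version", "<unknown>")
        if installed != meta.get("version"):
            drift.append((key[len("node_modules/"):], meta.get("version"), installed))
    return sorted(drift)


def audit_project(project_root: Path) -> dict:
    """Run both checks and return a summary dict."""
    node_modules = project_root / "node_modules"
    return {
        "indicator_files": find_indicator_files(node_modules),
        "version_drift": find_lockfile_drift(project_root),
    }


def build_sample_project() -> Path:
    """Construct a throwaway project: one clean package, one tampered package.

    The tampered package carries an extra router_init.js and a version that
    differs from the lockfile. Names and versions are made up for the demo.
    """
    root = Path(tempfile.mkdtemp(prefix="npm-audit-demo-"))
    lock = {
        "lockfileVersion": 3,
        "packages": {
            "": {"name": "demo-app", "version": "1.0.0"},
            "node_modules/clean-lib": {"version": "2.1.0"},
            "node_modules/tampered-lib": {"version": "4.0.0"},
        },
    }
    (root / "package-lock.json").write_text(json.dumps(lock))
    clean = root / "node_modules" / "clean-lib"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps({"name": "clean-lib", "version": "2.1.0"}))
    (clean / "index.js").write_text("module.exports = {};\n")
    tampered = root / "node_modules" / "tampered-lib"
    (tampered / "dist").mkdir(parents=True)
    (tampered / "package.json").write_text(json.dumps({"name": "tampered-lib", "version": "4.0.1"}))
    (tampered / "dist" / INDICATOR_FILENAME).write_text("// placeholder file, constructed for the demo\n")
    return root


if __name__ == "__main__":
    report = audit_project(build_sample_project())
    for path in report["indicator_files"]:
        print(f"INDICATOR: node_modules/{path}")
    for name, locked, installed in report["version_drift"]:
        print(f"DRIFT: {name} locked={locked} installed={installed}")
```

Run it against a real checkout by calling audit_project(Path("/path/to/project")) instead of the sample builder. A file-name match is only an indicator, not proof of compromise, and a version mismatch only shows that node_modules diverged from the lockfile; both findings should be followed by comparing the installed package against a verified prior version from the registry, as the article recommends.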

Targeted Organizations and Response

TanStack, known for its React Query library, confirmed that some of its npm packages were affected. Mistral AI, a French artificial intelligence company, also had packages compromised in the campaign. Guardrails AI, UiPath, and OpenSearch were similarly targeted.

Each organization has been contacted by security researchers and package registry authorities. Steps are being taken to remove the malicious versions from npm and PyPI. Users who have downloaded the affected versions are urged to update to the latest clean releases as soon as they are made available.

The full list of compromised package versions and their corresponding timestamps is being compiled by threat intelligence firms. This data will be used to help organizations identify any exposure during the attack window.

Authorities and security companies are continuing to investigate TeamPCP’s infrastructure and methods. Further details about the scale of the operation and any data exfiltration are expected to emerge in the coming weeks. Organizations are advised to monitor official security advisories from the affected vendors and the npm and PyPI registries for ongoing updates.

Source: Delimiter Online