Post by Expel


In the SOC, you get used to the noise. But every once in a while, something stands out. A couple of weeks ago, a single string cut through the noise: SHA1HULUD. It felt like seeing a ghost. We traced the activity to a public GitHub repository. Inside was a nightmare scenario: the customer's private cloud keys and secrets were exposed for anyone to grab. Since then, we've continued to see and field incidents involving compromised NPM packages. We've developed an approach to identify and stop Shai Hulud activity; get it here: https://lnkd.in/gkybjwb7
