ChainCatcher report: According to threat intelligence released by SlowMist, the recent Mini Shai-Hulud ("Mini Sandworm") supply chain attacks have compromised several high-usage npm packages, including AntV and Echarts-for-react, as well as the Python SDK durabletask. The npm account "atool" was breached, and within 22 minutes the attacker automatically published 637 malicious versions across 317 packages. Within 35 minutes, the attacker uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 in sequence, bypassing standard release controls and impersonating official Microsoft releases. This supply chain attack is likely linked to the large-scale GitHub token leak and the ransomware attack on Grafana Labs.

Affected components include high-usage packages in the npm ecosystem such as AntV and Echarts-for-react, as well as versions 1.4.1, 1.4.2, and 1.4.3 of the Python package durabletask. Attackers can steal cloud and local credentials, gain unauthorized access to internal repositories and sensitive cloud infrastructure, move laterally to developer machines and CI/CD pipelines, sell and exploit leaked GitHub tokens, and make ransomware and data-leak threats.

SlowMist recommends immediately rotating all exposed credentials, replacing compromised packages, isolating potentially infected systems, and implementing strict dependency review policies. It was previously reported that the Mini Shai-Hulud worm has recently spread widely across open-source code repositories; developers are advised to conduct thorough investigations.
Mini Shai-Hulud supply chain attack linked to GitHub and Grafana security incidents
Chaincatcher
A spike in the Fear & Greed Index has coincided with a supply chain attack linked to the Mini Shai-Hulud worm, targeting npm packages such as AntV and Echarts-for-react, as well as the Python SDK durabletask. Attackers compromised the "atool" account and published 637 malicious versions in just 22 minutes. The breach, connected to GitHub token leaks and the Grafana ransomware incident, enables credential theft, CI/CD exploitation, and lateral movement. Security firms are urging users to rotate credentials and conduct dependency checks. Amid rising market volatility, altcoins under scrutiny may face additional pressure from such threats.