THREATOPS
THREAT OPSThreat News › From CI/CD to Cloud Data: How Shai Hulud Persistence Leads to Redshift Breach

From CI/CD to Cloud Data: How Shai Hulud Persistence Leads to Redshift Breach

lowfortinet_researchPublished 2026-06-26

<p>See how Shai Hulud-linked CI/CD compromise exposed Jenkins credentials, enabled AWS escalation, and led to Redshift breach activity detected by FortiCNAPP</p><img align="left" alt="" border="0" height="1" hspace="0" src="https://feeds.fortinet.com/~/i/958459373/0/fortinet/blog/threat-research" style="border: 0; float: left; margin: 0; padding: 0; width: 1px!important; height: 1px!important;" wi

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://feeds.fortinet.com/~/958459373/0/fortinet/blog/threat-research~From-CICD-to-Cloud-Data-How-Shai-Hulud-Persistence-Leads-to-Redshift-Breach