THREATOPS
THREAT OPSThreat News › Shai-Hulud Campaign Evolution: Miasma, Hades, and AI Scanner Evasion

Shai-Hulud Campaign Evolution: Miasma, Hades, and AI Scanner Evasion

lowzscaler_threatlabzPublished 2026-06-12

IntroductionSince Zscaler ThreatLabz published its analysis of Shai-Hulud V2 in November 2025, the campaign has continued to evolve in ways that distinguish it from more typical software supply chain attacks. Over the last six months, the activity expanded beyond npm into the Python Package Index (PyPI), shifted from maintainer-focused compromise to CI/CD abuse, undermined trust in Suppl

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://www.zscaler.com/blogs/security-research/shai-hulud-campaign-evolution-miasma-hades-and-ai-scanner-evasion