Vulnerability  ·  2026-05-27

Update — Megalodon CI/CD Supply Chain Attack Backdoors 5,500+ GitHub Repositories; ~2,900 Still Infected Week After Attack

Vulnerability · High impact · Global
Update to the Mini Shai-Hulud campaign first reported May 13: on May 18, 2026, threat actors pushed 5,718 malicious commits to 5,561 public GitHub repositories within a six-hour window using compromised Personal Access Tokens and deploy keys. Unlike the earlier npm package poisoning wave, this Megalodon phase targeted GitHub Actions CI/CD workflow files directly, injecting base64-encoded bash payloads designed to steal CI secrets, cloud credentials (AWS, GCP, Azure), SSH keys, GitHub OIDC tokens, source code secrets, and database connection strings — exfiltrating everything to a C2 at 216.126.225.129:8443. As of May 26, approximately 2,900 repositories remain infected, meaning 83% of compromised repos had not been cleaned up more than a week after discovery. Separate research links the Megalodon campaign to TeamPCP, the group behind Shai-Hulud.
The attackers used compromised developer PATs or deploy keys to push malicious commits directly to main/master branches, bypassing pull requests. Two payload variants were deployed: SysDiag, which triggers on every push and pull request, and Optimize-Build, which uses workflow_dispatch to plant a dormant backdoor that leaves no visible CI runs until it is triggered. Harvested OIDC tokens allow the attackers to impersonate legitimate CI/CD pipelines in AWS, GCP, or Azure.
The 5,561 affected public GitHub repositories include projects from Tiledesk, WIZnet, persian-tools, and others. npm packages published from poisoned repositories carry the backdoor downstream to their consumers. The Optimize-Build variant's dormant backdoor remains invisible in CI history until the attacker triggers it.
Audit .github/workflows/ directories for unauthorised modifications on or after May 18, 2026; look for commits from unknown 8-character GitHub handles (e.g. rkb8el9r) or forged identities (build-bot, auto-ci, ci-bot). Revoke and rotate all CI/CD tokens, PATs, and deploy keys. Search for the IoC commit hash 'acac5a9' and the C2 address 216.126.225[.]129:8443. Inspect any workflow_dispatch-triggered jobs for injected payloads. Enable branch protection rules on default branches and require pull requests instead of allowing direct pushes.
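As an added example (not from the advisory or the cited reports), a small Python triage script that applies the indicators above to a workflow file and a commit author: it flags base64-decoded shell in run steps, the published C2 address, workflow_dispatch triggers, and authors that are forged identities or unknown 8-character handles. The sample workflow, the contributor allowlist and the regex choices are constructed assumptions; it pattern-matches raw text so no YAML library is required.

```python
import re

# Indicators taken from the advisory text above.
C2_HOST = "216.126.225.129"
FORGED_IDENTITIES = {"build-bot", "auto-ci", "ci-bot"}
RANDOM_HANDLE = re.compile(r"^[a-z0-9]{8}$")  # e.g. rkb8el9r (heuristic only)
# A run step that decodes base64 and pipes the result straight into a shell.
DECODE_AND_RUN = re.compile(r"base64\s+(?:-d|--decode)\b[^\n]*\|\s*(?:ba)?sh\b")


def scan_workflow(text):
    """Return a list of findings for the raw text of one .github/workflows/*.yml file."""
    findings = []
    if DECODE_AND_RUN.search(text):
        findings.append("base64-decoded shell payload in a run step")
    if C2_HOST in text:
        findings.append("known Megalodon C2 address present")
    if re.search(r"\bworkflow_dispatch\b", text):
        findings.append("workflow_dispatch trigger (dormant Optimize-Build pattern; review manually)")
    return findings


def suspicious_author(login, known_contributors):
    """Flag workflow-file commits from forged identities or unknown 8-character handles.

    The 8-character rule also matches legitimate short handles, so it is only
    applied to logins outside the repository's known-contributor allowlist.
    """
    if login in known_contributors:
        return False
    return login in FORGED_IDENTITIES or bool(RANDOM_HANDLE.match(login))


# Constructed sample input: a dormant job with an injected decode-and-run step.
# The base64 string is a placeholder, not a real payload.
SAMPLE_WORKFLOW = """name: Optimize-Build
on:
  workflow_dispatch:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "BASE64_PLACEHOLDER" | base64 -d | bash
"""

if __name__ == "__main__":
    for finding in scan_workflow(SAMPLE_WORKFLOW):
        print("FINDING:", finding)
    for login in ["rkb8el9r", "build-bot", "alice-dev", "octocat8"]:
        verdict = "review" if suspicious_author(login, {"alice-dev"}) else "ok"
        print(f"{login}: {verdict}")
```

Run it against `git log --format=%an -- .github/workflows/` output and the current workflow files; anything flagged is a lead for manual review, not a verdict.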
Sources
Dark Reading — Feeding Frenzy: Megalodon Malware Infects Thousands of GitHub Repos
CSO Online — GitHub Actions abused by Megalodon attack to slip malicious commits into 5,500 repos
CSA Labs — Shai-Hulud/Megalodon: A Two-Wave AI Developer Supply Chain Attack