Comment by alex_suzuki
2 months ago
Nice little Dune reference in there: The malware installs a Github action if it finds an access token, and names it 'shai-hulud-workflow.yml'. Shai Hulud is the Fremen term for the sandworms on Arrakis.
2 months ago
Nice little Dune reference in there: The malware installs a Github action if it finds an access token, and names it 'shai-hulud-workflow.yml'. Shai Hulud is the Fremen term for the sandworms on Arrakis.
I if you think that last week attack was s1ngularity that can be related to wormhole, now we get this shai-hulud that is actually a worm. Funny right? They are similar attacks also. This funny coincidence was described by someone at Aikido Security.
It's not a coincidence - this attack is directly downstream of s1ngularity