Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack
WHITE TeamPCP PetrP.73 2026-05-22 Modified: 2026-05-22
On May 19, 2026, the Microsoft durabletask Python SDK was compromised on PyPI in a significant supply chain attack. Using stolen publishing credentials, the attacker uploaded three malicious versions of the package (1.4.1, 1.4.2, and 1.4.3) within a short timeframe, bypassing the build pipeline of Microsoft's GitHub repository. The malicious payload, 14 lines of Python code, acts as a dropper for a more complex modular cloud intrusion framework known as rope.pyz. This framework features multiple modules designed to exfiltrate sensitive data across major cloud platforms and systems, including AWS, Azure, and GCP.
Indicators of Compromise (4 / 25 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| FileHash-MD5 | 04750aba368eeb2890e74d10fa0a50a3 | MD5 of 069ac1dc7f7649b76bc72a11ac700f373804bfd81dab7e561157b703999f44ce | 2026-05-22 |
| FileHash-MD5 | 907a5a883877808218686bc24b7add65 | MD5 of 7d80b3ef74ad7992b93c31966962612e4e2ceb93e7727cdbd1d2a9af47d44ba8 | 2026-05-22 |
| FileHash-MD5 | d648b731ae428146f7a94cd09e6c7585 | MD5 of aeaf583e20347bf850e2fabdcd6f4982996ba023f8c2cd56bbd299cfd56516f5 | 2026-05-22 |
| FileHash-MD5 | ef0eb6dcf4a8e97814a3e975b72b0d12 | MD5 of 877ff2531a63393c4cb9c3c86908b62d9c4fc3db971bc231c48537faae6cb3ec | 2026-05-22 |