supplychainattack.org · Supply chain attack incident catalog
active · critical

The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent

On June 8, 2026, multiple Graph ML PyPI packages were compromised in the Hades campaign, deploying cross-platform memory scrapers, AI prompt injections for analyst misdirection, and token-revocation wipers. The attack targeted the bioinformatics ecosystem with sophisticated evasion techniques.

Blast radius
Multiple Graph ML packages in the bioinformatics ecosystem; cross-platform impact via memory scrapers
Affected entities
  • Graph ML PyPI packages: Multiple packages in the bioinformatics ecosystem compromised in the Hades campaign

On June 8, 2026, multiple Graph ML PyPI packages were compromised as part of the Hades campaign. The compromised packages deployed malicious payloads across multiple platforms.

The attack employed several sophisticated techniques: cross-platform memory scrapers to extract sensitive data, AI prompt injections designed to misdirect security analysts and automated scanners, and a token-revocation wiper mechanism. These capabilities suggest a coordinated, well-resourced threat actor targeting the bioinformatics software supply chain.

The use of AI-based misdirection techniques indicates an attempt to evade both human and automated security analysis. The token-revocation wiper component suggests the attackers sought to cover their tracks and complicate incident response efforts.

Indicators of compromise

Packages
  • Graph ML PyPI packages

Remediation

  • Immediately audit and revoke any tokens or credentials that may have been exposed through affected Graph ML packages
  • Scan systems for memory scraper artifacts and indicators of compromise
  • Review and update all dependencies on Graph ML PyPI packages to patched versions
  • Implement enhanced monitoring for suspicious memory access patterns and token usage
  • Conduct forensic analysis to identify the scope of data exfiltration
  • Apply the principle of least privilege to limit the impact of future package compromises

Sources

  1. The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent · StepSecurity

Cite this entry

"The Hades Campaign: Graph ML PyPI Packages Deploy Cross-Platform Memory Scrapers, AI Analyst Misdirection, and a Wiper Deterrent." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed June 8, 2026; last updated June 8, 2026. https://supplychainattack.org/incident/the-hades-campaign-graph-ml-pypi-packages-deploy-cross-platform-memory-scrapers-1i5lk3


  1. contained · high

    New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

    Hackers compromised 19 science-focused packages on PyPI in a Shai-Hulud supply-chain attack. The trojanized packages were collectively downloaded hundreds of thousands of times and delivered malware designed to steal developer secrets.

    PyPI · Compromised package
  2. resolved · high

    durabletask: TeamPCP's Latest PyPi Compromise

    Malicious versions of the PyPI package durabletask were published, attributed to the TeamPCP threat actor. The attack matches known TeamPCP tactics used in prior supply chain compromises.

    PyPI · Compromised package
  3. contained · critical

    Microsoft's durabletask PyPI Package Compromised in Supply Chain Attack

    Three malicious versions of Microsoft's durabletask Python package were published to PyPI on May 19, 2026, containing a 28 KB payload that steals credentials from cloud providers (AWS, Azure, GCP), Kubernetes, password managers, and developer tools. The attack has been attributed to the TeamPCP threat group and exhibits indicators of Eastern European cybercrime operations.

    PyPI · Compromised package
  4. contained · critical

    TeamPCP Injects Two-Stage Credential Stealer into xinference PyPI Package

    The xinference package on PyPI was compromised with a two-stage credential stealer attributed to the TeamPCP threat actor. The malicious code was injected into the package, potentially affecting users who installed compromised versions.

    PyPI · Compromised package · Malicious maintainer