SlowMist|5月 16, 2026 10:43
🚨Analysis of the Supply Chain Poisoning Attack on the Official Mistral AI SDK 🚨
SlowMist’s MistEye threat monitoring system has identified a malicious version of the official Mistral AI Python SDK: mistralai==2.4.6. Unlike typical typosquatting attacks, this was not a fake package. The malicious code was injected directly into the official SDK release pipeline.
🔍 Key Findings
• Malicious code hidden in the SDK import entry point • Silent download of a remote payload disguised as transformers.pyz
• Theft of cloud credentials, SSH keys, CI/CD tokens, password manager data, Kubernetes Secrets, and more
• 1/6 probability of triggering rm -rf /* on systems associated with Israel or Iran
• Strong attribution links to the previously disclosed Shai-Hulud supply chain attack framework through the same 4096-bit RSA public key
Our analysis reconstructs the full attack chain, persistence mechanisms, encrypted exfiltration workflow, and the correlation between the Python and TypeScript attack frameworks.
Full article👇
https://slowmist.medium.com/threat-intelligence-analysis-of-the-supply-chain-poisoning-attack-on-the-official-mistral-ai-sdk-98803747a5fa(SlowMist)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink