Like Shai-Hulud, the campaign targets developers to steal credentials and reuses them to propagate across the software supply channel.
This is an ingested summary. Full reporting is available at the primary source below.