Full Report
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
Analysis Summary
# Incident Report: Compromise of @redhat-cloud-services npm Packages
## Executive Summary
In June 2026, more than 30 npm packages under Red Hat’s official `@redhat-cloud-services` namespace were compromised in a supply-chain attack. The attackers utilized a specialized malware variant named "Miasma" (derived from the Shai-Hulud framework) to exfiltrate highly sensitive developer credentials and cloud tokens. While the compromise was limited to internal development tooling and did not reach production customer environments, the attack affected 32 packages with a combined weekly reach of 117,000 downloads.
## Incident Details
- **Discovery Date:** June 1, 2026 (Public disclosure)
- **Incident Date:** May – June 2026
- **Affected Organization:** Red Hat
- **Sector:** Information Technology / Software Development
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** Late May/Early June 2026
- **Vector:** GitHub Account Takeover (Employee)
- **Details:** Attackers gained access to a Red Hat employee’s GitHub account, allowing them to push malicious commits directly to repositories managing internal cloud services libraries.
### Lateral Movement
- **Mechanism:** Abuse of CI/CD pipeline permissions.
- **Details:** The attackers added a GitHub Actions workflow that utilized `id-token: write` permissions. By exploiting npm’s "trusted publishing" mechanism, they requested OIDC (OpenID Connect) tokens to authenticate directly with npm as a trusted provider, bypassing the need for manual credentials to publish new package versions.
### Data Exfiltration/Impact
- **Payload:** A 4.2 MB obfuscated JavaScript file (`index.js`).
- **Targeted Data:** GitHub Actions secrets, AWS/GCP/Azure credentials, HashiCorp Vault tokens, Kubernetes service accounts, SSH keys, GPG keys, and `.env` files.
### Detection & Response
- **Discovery:** Identified by security firms Aikido and OX Security through repository monitoring.
- **Response:** Red Hat immediately initiated an investigation, removed the backdoored versions from the npm registry, and localized the impact to internal-only tooling.
## Attack Methodology
- **Initial Access:** Compromised GitHub account credentials.
- **Persistence:** Malicious GitHub Action workflows and 96 updated package versions published to the npm registry.
- **Privilege Escalation:** Exploitation of OIDC "trusted publishing" to gain registry-wide write access.
- **Defense Evasion:** Use of heavy code obfuscation in the malicious `index.js` and a multi-stage delivery mechanism.
- **Credential Access:** Automated scanning of local developer environments for cloud provider configuration files and environment secrets.
- **Discovery:** The malware performed reconnaissance of the CI/CD environment and local filesystem to identify tokens and keys.
- **Lateral Movement:** Using stolen credentials to potentially spread to other projects (characteristic of the Shai-Hulud/Miasma framework).
- **Collection:** Gathering of keys, tokens, and `.env` files from targeted developer machines.
- **Exfiltration:** Automated transmission of stolen secrets to attacker-controlled infrastructure.
- **Impact:** Potential for complete cloud environment takeover via stolen administrative tokens.
## Impact Assessment
- **Financial:** Unknown; costs associated with incident response and credential rotation.
- **Data Breach:** Compromise of internal developer secrets and CI/CD tokens.
- **Operational:** Disruption of internal development workflows as packages were removed and rotated.
- **Reputational:** Publicized supply-chain vulnerability involving a major enterprise Linux vendor.
## Indicators of Compromise
- **Network:** Outbound connections to unknown C2 infrastructure (Defanged: `hxxps[://]atacker-c2-domain[.]com`).
- **File:** `index.js` (approx. 4.2 MB) containing "Miasma: The Spreading Blight" comments.
- **Behavioral:** Unexpected `npm publish` events occurring via OIDC tokens; new GitHub Action workflows modified to install the "Bun" runtime.
## Response Actions
- **Containment:** Removal of 96 malicious package versions from the npm registry.
- **Eradication:** Revocation of the compromised GitHub employee account and related OIDC trust tokens.
- **Recovery:** Restoration of verified package versions and internal audits of development environments to ensure no malware persistence.
## Lessons Learned
- **Credential Fragility:** Even highly secured organizations are vulnerable to single-employee account compromises if MFA or anomaly detection is bypassed.
- **OIDC Risks:** While OIDC trusted publishing is more secure than static tokens, if the source (GitHub) is compromised, the trust extends to the attacker.
- **Tooling Isolation:** Red Hat’s practice of separating internal development tooling from customer-facing production code successfully mitigated broader impact.
## Recommendations
- **Enforce Hardware MFA:** Mandate FIDO2/WebAuthn hardware keys for all developers with repository write access.
- **Pipeline Governance:** Implement mandatory code review (branch protection) for any changes to GitHub Action workflows or build scripts.
- **Secret Scanning:** Employ automated tools to monitor for the exposure of OIDC tokens or unusual repository commits.
- **Developer Hygiene:** Educate developers on rotating local credentials frequently and avoiding the storage of long-lived secrets in plain-text `.env` files.