Executive Summary
On June 1, 2026, a critical supply chain attack known as Miasma was identified targeting the @redhat-cloud-services namespace on the npm package registry. At least 32 package releases were found to contain a credential-stealing worm. The worm, a derivative of the (Mini) Shai-Hulud malware, was introduced through a compromised Red Hat employee’s GitHub account. The malicious code was embedded in preinstall scripts, so it executed automatically during package installation and harvested developer credentials, CI/CD secrets, and cloud provider identities. The worm also attempted to propagate by republishing itself to every other npm package the compromised identity could publish. While the affected packages averaged approximately 80,000 weekly downloads, Red Hat confirmed that no official Red Hat products shipped the compromised versions, and the incident was rapidly contained through revocation of the malicious releases and coordinated response with the open source security community. All technical findings and timelines are based on direct evidence from primary sources, including Wiz, Red Hat, and Snyk. Sources: https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages, https://access.redhat.com/security/supply-chain-attacks-NPM-packages, https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/
Technical Information
The Miasma supply chain attack is a compromise of the npm ecosystem targeting the @redhat-cloud-services namespace. The attacker used a compromised Red Hat employee’s GitHub account to push malicious orphan commits to two RedHatInsights repositories. Orphan commits are not part of any reviewed branch history, so they never passed through a pull request or code review. Each commit carried a minimal GitHub Actions workflow that requested an OpenID Connect (OIDC) token for npm publishing and ran an obfuscated payload (_index.js), which published the malicious versions to npm. Because the publish was performed by a real workflow in the real repository using trusted publishing, the releases carried valid SLSA (Supply-chain Levels for Software Artifacts) provenance attestations: provenance proves which repository and workflow produced a package, not that the commit it was built from was reviewed or benign, so a consumer checking provenance alone would have accepted these versions. Source: https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages
The malicious payload was wired in as a preinstall script in each compromised package. npm runs preinstall scripts automatically during installation, before any of the consuming project’s own code runs, so the worm activated as soon as a developer or CI/CD pipeline resolved the dependency, with no explicit execution required. The payload itself was a heavily obfuscated JavaScript file that used eval() and ROT-based string decoding to conceal its logic. Each infection produced a uniquely encrypted payload, so hash-based indicators of compromise (IOCs) match only the specific package versions they were taken from; detection has to key on package name and version lists and on the presence of unexpected install-time scripts rather than on file hashes. Source: https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/
Upon execution, the payload harvested a wide range of sensitive information from the infected environment. This included npm tokens, GitHub tokens, SSH keys, environment variables, and CI/CD secrets. Notably, the Miasma variant introduced new collectors for Google Cloud Platform (GCP) and Microsoft Azure identities, enabling enumeration of all cloud identities accessible from the infected host. This represents an evolution from previous (Mini) Shai-Hulud variants, which primarily targeted static secrets. The worm also queried the npm registry for other packages the compromised identity could publish, republishing itself to those packages and thereby enabling rapid propagation across the supply chain. Source: https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/
The attack was detected and analyzed by multiple independent security research teams. Wiz published a detailed timeline identifying two distinct waves of malicious commits and package releases. The first wave occurred on June 1, 2026; most of its malicious versions had been revoked by 1PM UTC, though two remained live at the time of reporting. A second wave of malicious commits was identified later the same day, by which point the payload’s propagation mechanism and its new cloud identity collectors had also been documented. Source: https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages
Two attribution questions should be kept separate. The malware lineage is assessed with high confidence: the payload is a variant of the (Mini) Shai-Hulud family, originally developed by TeamPCP. Attribution of this campaign to TeamPCP itself is only medium confidence, because the Shai-Hulud code was publicly released and other threat actors could have replicated or adapted it. The tradecraft observed in Miasma (obfuscated JavaScript, automated credential harvesting, and worm-like propagation) matches previous TeamPCP campaigns but does not by itself distinguish the original group from an imitator. Source: https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages
The attack’s impact was mitigated by rapid response from the open source security community and Red Hat. All known malicious package versions were revoked, and no official Red Hat products were found to include the compromised packages. The incident highlights the risks inherent in the software supply chain, particularly for organizations relying on third-party npm dependencies in their build pipelines. Source: https://access.redhat.com/security/supply-chain-attacks-NPM-packages
Affected Versions & Timeline
The attack targeted at least 32 releases across multiple packages in the @redhat-cloud-services namespace. Affected versions include, but are not limited to, @redhat-cloud-services/topological-inventory-client versions 3.0.10, 3.0.11, and 3.0.13; @redhat-cloud-services/compliance-client versions 4.0.3, 4.0.4, and 4.0.6; and @redhat-cloud-services/rbac-client versions 9.0.3, 9.0.4, and 9.0.6. The full list of affected packages and versions is available at https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages.
The timeline of the attack is as follows. On June 1, 2026, malicious releases were published across the @redhat-cloud-services namespace in a first wave. By approximately 1PM UTC, the compromise was publicly disclosed and most malicious versions were revoked, with two still live at that time. Around 2PM UTC, the root cause was published, identifying the compromised employee account and the use of OIDC-published packages with valid SLSA provenance. Between 2:20PM and 3PM UTC, a second wave of malicious commits was identified, along with additional details about the payload’s new GCP and Azure identity collectors. Sources: https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages, https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/
Red Hat issued an official advisory on December 12, 2025, confirming that no compromised versions were included in any official Red Hat products and that the incident posed no risk to customers via those products. Source: https://access.redhat.com/security/supply-chain-attacks-NPM-packages
Threat Activity
The Miasma worm’s primary objective was to harvest credentials and secrets from infected environments and to propagate itself across the npm ecosystem. The attack began with the compromise of a Red Hat employee’s GitHub account, which was used to push malicious orphan commits to two RedHatInsights repositories. These commits bypassed code review and introduced a minimal GitHub Actions workflow that requested an OIDC token and executed an obfuscated payload. The workflow published the compromised packages to npm with valid SLSA provenance, making the releases appear legitimate.
Upon installation, the preinstall script executed the obfuscated payload, which performed several malicious actions. It harvested secrets and credentials from the local environment, including npm tokens, GitHub tokens, SSH keys, and CI/CD secrets. The payload also enumerated cloud identities for GCP and Azure, collecting all identities the infected machine could access. This represents a shift in attacker focus from static secret extraction to active cloud identity enumeration and potential lateral movement within cloud environments.
The worm then queried the npm registry for other packages the compromised identity could publish and republished itself to those packages, carrying the same payload. This self-propagation mechanism enabled rapid spread across the supply chain, increasing the risk of further compromise. The payload’s heavy obfuscation and unique encryption per infection complicated detection and response efforts.
Indicators of compromise include repositories with the description “Miasma: The Spreading Blight” and the user-agent “google-api-nodejs-client/7.0.0 gl-node/20.11.0 gccl/7.0.0” on GCP API requests made by the payload. Note that this user-agent follows the stock format of the Google client libraries for Node.js (library version plus the Node runtime version of the host), so it will also appear in legitimate traffic from hosts running that library and Node version; use it as a pivot correlated with the installation window and the affected hosts rather than as a standalone alert. Sources: https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages, https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/
Mitigation & Workarounds
The following mitigation steps are prioritized by severity:
Critical: Immediately audit all usage of @redhat-cloud-services npm packages in your environment, including lockfiles, container images, and cached artifacts, not only direct dependencies. If any affected version was installed or present in a build pipeline, treat every credential, secret, and cloud identity reachable from that system as compromised. Rotate all npm tokens, GitHub tokens, SSH keys, CI/CD secrets, and cloud provider credentials that may have been exposed, and review GCP and Azure audit logs for the identities the payload could enumerate from the infected host.
High: Remove all affected package versions from your codebase, build pipelines, and artifact repositories. Pin replacements to known-good versions, confirm that the lockfile’s resolved URL and integrity hash match the registry tarball for that version, and check that the replacement version declares no unexpected preinstall, install, or postinstall script before reinstalling.
High: Review all CI/CD pipelines and developer workstations for evidence of compromise, including unauthorized access, anomalous package publishing activity, and the presence of obfuscated JavaScript files or unexpected preinstall scripts.
Medium: Implement strict controls on the use of preinstall and other lifecycle scripts in npm packages. npm can refuse to run dependency lifecycle scripts altogether (ignore-scripts=true in the project or CI .npmrc, or npm ci --ignore-scripts). The caveat is that dependencies which legitimately compile native code at install time will then arrive unbuilt; handle those explicitly with npm rebuild for an allowlisted set of packages rather than re-enabling scripts globally.
Medium: Enforce multi-factor authentication (MFA) and least-privilege access for all developer and CI/CD accounts, especially those with package publishing permissions. Where npm trusted publishing (OIDC) is used, bind the publisher to a GitHub environment protected by required reviewers and restricted to protected branches, so that a workflow file pushed in an unreviewed commit cannot mint a publishing token.
Low: Monitor for indicators of compromise, such as repositories with the description “Miasma: The Spreading Blight” and the specified GCP user-agent string. Maintain up-to-date threat intelligence feeds for npm supply chain attacks.
All organizations should review the full list of affected packages and versions at https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages and consult the official Red Hat advisory at https://access.redhat.com/security/supply-chain-attacks-NPM-packages for additional guidance.
References
Wiz technical analysis and timeline (June 1, 2026): https://www.wiz.io/blog/miasma-supply-chain-attack-targeting-redhat-npm-packages
Red Hat official advisory (December 12, 2025): https://access.redhat.com/security/supply-chain-attacks-NPM-packages
Snyk technical analysis and remediation (June 1, 2026): https://snyk.io/blog/miasma-supply-chain-attack-malicious-code-redhat-cloud-services-npm-packages/
StepSecurity, ctrl/tinycolor and 40 npm packages compromised: https://www.stepsecurity.io/blog/ctrl-tinycolor-and-40-npm-packages-compromised
Socket, ongoing supply chain attack targeting CrowdStrike npm packages: https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages
ReversingLabs, Shai-Hulud worm on npm: https://www.reversinglabs.com/blog/shai-hulud-worm-npm
About Rescana
Rescana provides a third-party risk management (TPRM) platform designed to help organizations identify, assess, and monitor supply chain risks across their software ecosystem. Our platform enables continuous visibility into third-party dependencies, automated detection of anomalous package activity, and rapid response workflows for supply chain incidents. For questions or further assistance, contact us at ops@rescana.com.


