On June 1, 2026, a significant software supply chain attack known as Miasma compromised 32 npm packages under the @redhat-cloud-services namespace, impacting between 80,000 and 116,000 weekly downloads. Microsoft Threat Intelligence and multiple security vendors confirmed that the attack originated from the compromise of a Red Hat employee’s GitHub account.
Miasma is a self-propagating credential-stealing worm derived from the Mini Shai-Hulud framework developed by TeamPCP. The malware executes automatically during the npm installation process and targets developer workstations and continuous integration/continuous delivery environments. It steals Secure Shell keys, cloud credentials, browser-stored secrets, cryptocurrency wallet data, and continuous integration secrets, then automatically propagates itself to additional npm packages.
Unlike traditional typosquatting attacks, the threat actors compromised legitimate packages within the trusted @redhat-cloud-services namespace and published malicious versions using official publishing mechanisms. All affected packages have been removed from npm; however, any environment that installed them should immediately assume a credential compromise and initiate comprehensive credential rotation procedures.
The attack originated from the RedHatInsights/javascript-clients continuous integration and continuous delivery pipeline. According to WhiteIntel, credentials and session cookies belonging to a Red Hat employee were identified within infostealer logs on April 13 and May 15, 2026. Threat actors leveraged these stolen credentials to access Red Hat repositories and inject malicious GitHub Actions workflows into three Red Hat Insights projects.
The malicious workflows abused GitHub Actions OpenID Connect trusted publishing capabilities to authenticate directly to npm without requiring traditional npm credentials. Because the attack utilized legitimate trusted publishing mechanisms, malicious package versions were published through authorized channels, significantly increasing trust and reducing suspicion.
The Miasma payload was embedded within the package.json preinstall lifecycle hook. Because npm executes preinstall scripts automatically during installation, the malware executed before any application code was loaded and without requiring user interaction.
The payload consisted of heavily obfuscated JavaScript that downloaded the appropriate Bun runtime for the target operating system, including Linux, macOS, and Windows. Once executed, the malware harvested Secure Shell keys, cloud provider credentials, browser credentials, cryptocurrency wallet data, and runtime secrets.
Within continuous integration and continuous delivery environments, the malware scraped GitHub Actions runner memory to collect available environment variables, secrets, access tokens, cloud credentials, deployment keys, and npm publishing tokens. Using harvested npm publishing credentials, Miasma automatically republished malicious versions of additional packages and forged Supply-chain Levels for Software Artefacts provenance attestations to facilitate further propagation while bypassing supply chain security controls.
The technical details of the attack campaign are discussed below.
Delivery and Infection Chain:
The Miasma attack chain is specifically designed for autonomous propagation. Each infected developer workstation or continuous integration environment becomes a new distribution point capable of infecting additional packages and downstream victims.
The infection chain was identified as follows:
Technical Capabilities:
Miasma is derived from the Mini Shai-Hulud framework, an open-source supply chain worm toolkit developed and distributed by the threat actor group TeamPCP. The framework was publicly released on GitHub and promoted on BreachForums during May 2026.
Since April 2026, variants of the Shai-Hulud framework have been observed targeting multiple software ecosystems, including npm and Python Package Index repositories. Confirmed victims include Bitwarden command-line interface packages, SAP-related npm packages, PyTorch Lightning repositories, and numerous other open-source projects.
One of the most concerning capabilities of Miasma is its ability to forge Supply-chain Levels for Software Artefacts provenance attestations. Supply-chain Levels for Software Artefacts was designed to provide integrity verification and trust validation for software packages. However, Microsoft Threat Intelligence confirmed that Miasma successfully manipulated these attestations to bypass existing verification mechanisms and maintain trust during package distribution.
Additional capabilities include automated credential harvesting, continuous integration and continuous delivery memory scraping, Secure Shell key theft, cloud credential collection, cryptocurrency wallet theft, automated npm package republishing, cross-platform execution using Bun runtime environments, and self-propagation across software supply chains.
Collectively, these capabilities demonstrate a highly sophisticated supply chain threat engineered to evade modern software security controls while maximizing propagation across developer ecosystems.
Attribution and Evolution:
The campaign has been attributed to TeamPCP, a threat actor group that Microsoft Threat Intelligence has been tracking since the emergence of the initial Shai-Hulud attacks in April 2026.
TeamPCP publicly released the Mini Shai-Hulud source code and advertised the framework through BreachForums, making advanced supply chain attack capabilities available to a broader criminal audience. This public release significantly accelerated adoption and proliferation across software ecosystems.
The Miasma variant differs from earlier versions by replacing the Dune-inspired terminology used in Mini Shai-Hulud with references to Greek mythology. The name "Miasma" originates from the ancient Greek concept of ritual contamination that spreads between individuals and environments, reflecting the malware’s self-propagating nature.
The structured campaign timeline, credential compromise activity, and coordinated deployment indicate deliberate reconnaissance and long-term preparation prior to the June 2026 compromise of Red Hat’s software supply chain.
Active Campaign and Geographic Spread:
The compromised @redhat-cloud-services packages are used globally by organizations integrating with Red Hat Hybrid Cloud Console environments, including OpenShift deployments, Red Hat Enterprise Linux management platforms, and hybrid cloud infrastructure solutions.
Because the affected packages support globally deployed enterprise environments, the campaign has a worldwide impact across software development, cloud infrastructure, and enterprise operations.
Organizations across the UAE and broader MENA region are directly exposed if they utilize Red Hat products, maintain npm-based development environments, operate continuous integration and continuous delivery pipelines, or install packages from the @redhat-cloud-services namespace.
The self-propagating nature of Miasma significantly expands the attack surface beyond the initial 32 affected packages. Any developer or organization compromised through these packages may unknowingly distribute additional infected packages, creating secondary and tertiary infection chains throughout the global software ecosystem.
Any environment that executed npm install on affected packages between June 1, 2026, and package removal should be treated as potentially compromised.
Conclusion:
Miasma represents one of the most significant software supply chain compromises observed during 2026 and demonstrates a substantial evolution in the Shai-Hulud malware ecosystem.
By combining OpenID Connect trusted publishing abuse, automatic preinstall execution, continuous integration secret harvesting, credential theft, self-propagation, and forged Supply-chain Levels for Software Artefacts attestations, the campaign was specifically engineered to bypass many of the controls currently considered industry best practices for software supply chain security.
The public release of the underlying framework significantly increases future risk, as similar capabilities are now accessible to a wider range of threat actors. Organizations utilizing npm-based development workflows should immediately assess exposure, audit package installations during the affected timeframe, rotate all potentially exposed credentials, and strengthen runtime package security validation controls throughout development pipelines.
Any environment that installed affected @redhat-cloud-services packages between June 1, 2026, and their subsequent removal should consider all accessible credentials compromised and initiate immediate credential rotation procedures.
This includes GitHub Actions secrets and tokens, Amazon Web Services credentials, Microsoft Azure credentials, Google Cloud Platform credentials, Secure Shell keys, npm publishing tokens, browser-stored credentials, cryptocurrency wallet information, deployment secrets, and any credentials accessible from affected developer systems or continuous integration environments.
The self-propagating nature of the malware introduces additional risk beyond initial compromise. Packages maintained by affected developers may have been unknowingly republished with malicious code, potentially creating secondary compromise events throughout the broader npm ecosystem.
For organizations operating within the UAE and wider MENA region, compromise involving customer information, cloud environments, development infrastructure, or sensitive corporate data may trigger regulatory obligations under applicable cybersecurity and data protection frameworks, including UAE Personal Data Protection Law requirements. The resulting operational, financial, regulatory, and reputational consequences may be significant.
https://thehackernews.com/2026/06/miasma-supply-chain-attack-compromises.html