Dozens of Red Hat Packages Compromised in Sophisticated Supply Chain Attack

A sophisticated and widespread software supply chain attack on June 1, 2026, compromised more than 30 official npm packages published by Red Hat. The attack injected a credential-stealing worm, dubbed “Miasma,” into packages under the @redhat-cloud-services scope, a collection of tools used by developers to interact with Red Hat’s cloud offerings. The malware was designed to execute automatically upon installation, harvesting a vast array of sensitive developer and cloud infrastructure secrets. This incident is a stark reminder that software supply chains are a primary target for attackers seeking to infiltrate business operations. For small and mid-sized companies, the cascading impact of a single compromised developer tool can be devastating, as the trust placed in official software vendors becomes a vector for attack. The attack was carried out in two distinct waves after a threat actor compromised a Red Hat employee’s GitHub account, according to a report from Orca Security. Rather than stealing a developer’s npm publishing token directly, the attacker injected malicious workflows into three of Red Hat’s public code repositories. These workflows then abused the legitimate automation process, using GitHub Actions OpenID Connect (OIDC) tokens to publish the backdoored versions of the packages to the public npm registry. This method represents a more advanced attack on the CI/CD (Continuous Integration/Continuous Deployment) pipeline itself, making it harder to detect than a simple account takeover. The malicious code was triggered by a “preinstall” script embedded in each compromised package’s configuration file. This lifecycle hook ensures the malware runs immediately when a developer installs the package using the `npm install` command, even before any of the legitimate package code is executed. The payload itself was a heavily obfuscated 4.2 MB JavaScript file, designed to evade simple static analysis tools. Researchers at Aikido Security noted the malware bears a strong resemblance to “Mini Shai-Hulud,” a supply chain malware toolkit that was recently open-sourced, suggesting that attackers are now adapting publicly available tools for their campaigns. Once executed, the Miasma worm performs an exhaustive sweep for credentials across a victim’s system. The scope of the data theft is extensive, targeting secrets for major cloud providers including AWS access keys, Google Cloud service account keys, and Azure service principal credentials. It also seeks to harvest tokens and keys related to critical development and operations infrastructure, such as GitHub tokens, Kubernetes configuration files, HashiCorp Vault tokens, npm and PyPI publishing tokens, and Docker registry credentials, according to analysis from StepSecurity. The malware’s search extends beyond infrastructure secrets to local developer files, including SSH private keys, GPG keys, shell history files, and any `.env` files, which commonly store sensitive application secrets in plain text. This broad approach ensures that the attackers can gain deep and persistent access not only to the infected machine but to the entire cloud and development ecosystem it has access to. The scope of data targeted by this malware goes far beyond typical IT security concerns. When attackers gain access to cloud credentials, private code repositories, and deployment keys, they effectively hold the keys to a company's entire operational infrastructure. We've seen situations where such a breach leads not just to data theft, but to operational sabotage or significant financial fraud. This is where proactive financial risk management becomes critical for survival, assessing exposure before an incident occurs. Beyond simple credential theft, the malware employs advanced techniques to maintain persistence on a developer’s workstation. Security researchers found that it injects malicious hooks into the configuration files of popular code editors like Visual Studio Code and Claude Code. These hooks are configured to automatically execute attacker-controlled code every time a developer opens a project folder or starts a new coding session, meaning the infection can survive even after the compromised npm package is identified and removed. Furthermore, the malware uses a covert method for exfiltrating the stolen data. Using a harvested GitHub token, it creates new commits within the victim’s own repositories containing the stolen credentials. This data is encoded and hidden within what appears to be normal git activity. Because this traffic is directed to `api.github.com`, a universally trusted domain in corporate networks, it is extremely difficult to detect with standard network monitoring tools. While this attack was detected relatively quickly, the history of software supply chain incidents shows that malicious code can often go unnoticed for extended periods. Past compromises, such as the `event-stream` incident which persisted for two months and the XZ Utils backdoor which was active for weeks, demonstrate the potential for long-term, undetected infiltration. These precedents underscore the severe risk posed by the Miasma attack and the need for immediate, thorough remediation. In our experience, responding to these incidents requires a multi-faceted approach that combines technical remediation with a clear-eyed business impact assessment. It is not enough to just rotate keys; companies must understand what financial and operational processes were exposed. For businesses navigating the fallout of such a supply chain compromise, C&S Finance Group LLC provides expert guidance on business process reengineering to build more resilient systems. Business leaders can learn more at csfinancegroup.com. Security firms and Red Hat have urged all organizations that installed any of the affected package versions since June 1 to assume a full breach of their development and cloud environments. The recommended response includes isolating affected developer machines and CI/CD runners, rotating all cloud credentials, API keys, and SSH keys, auditing all code repositories for unauthorized changes, and preserving system images for forensic analysis. Users are advised to remove the compromised packages and pin their dependencies to known-good versions published before the attack. Following this incident, security experts anticipate increased scrutiny on the security of CI/CD pipelines and the use of OIDC tokens for publishing packages. The open-source community and security vendors will likely accelerate the development of tools to detect and block sophisticated attacks that poison the software supply chain at the source, rather than relying on detecting malicious packages after they have already been distributed.