Issuer: Adverse Trace Date issued: 2026-06-03 Version: 1.0
1. Executive summary
A sophisticated supply chain attack dubbed "Miasma" has compromised 32 npm packages within the @redhat-cloud-services scope, affecting over 90 versions. The intrusion originated from the upstream RedHatInsights/javascript-clients CI/CD pipeline, allowing attackers to publish trojanized packages with authentic GitHub Actions OIDC provenance signatures. Upon installation, a preinstall hook executes a multi-stage dropper that harvests credentials from GitHub Actions, AWS, Azure, GCP, HashiCorp Vault, and local developer environments, while attempting lateral propagation via repository forgery. For EMEA financial services, the immediate risk involves the potential compromise of CI/CD pipeline secrets, cloud infrastructure access, and the integrity of downstream software artifacts relying on these dependencies.
2. Regulatory framing
| Regulation | Article / Requirement | Practical Impact for Financial Entities |
|---|---|---|
| DORA | Art. 28 (General principles for sound management of ICT third-party risk) | Immediate assessment of third-party code dependencies: establish whether any @redhat-cloud-services package is present in production systems or build pipelines, directly or transitively. |
| DORA | Art. 18-19 (Classification and reporting of major ICT-related incidents) | If the credential theft leads to unauthorized access or data loss and the Art. 18 classification criteria are met, the event is a major ICT-related incident; the initial notification to the competent authority is due within the Art. 19 timelines, with the initial report no later than 24 hours after becoming aware of the incident. |
| DORA | Art. 24-27 (Digital operational resilience testing; Art. 26 threat-led penetration testing) | Supports bringing CI/CD pipelines and dependency intake into the testing programme, including TLPT scenarios that model supply chain injection. |
| NIS2 | Art. 21(2)(d) (Supply chain security) | Mandates measures to assess and manage risks arising from dependencies on suppliers and service providers, which includes the acquisition and intake of third-party software. |
| NIS2 | Art. 23 (Incident reporting) | Requires an early warning within 24 hours and an incident notification within 72 hours of becoming aware of a significant incident; the compromise qualifies where it significantly affects the services of an in-scope entity. |
| UK NIS | Reg. 13 (Security of Network and Information Systems) | Obliges operators of essential services to take appropriate measures to manage risks posed by dependencies on supply chains. |
3. Attack chain
- Pipeline compromise: attackers gained control of the RedHatInsights/javascript-clients CI/CD pipeline and used its legitimate GitHub Actions OpenID Connect (OIDC) publishing workflow to push releases to npm.
- Trojanized publication: 32 packages in the @redhat-cloud-services scope were published with genuine SLSA provenance attestations, because the attestations were produced by the compromised pipeline itself. Provenance verification therefore does not distinguish these versions from clean ones.
- Preinstall trigger: installing any affected version runs a preinstall lifecycle hook declared in the package's package.json, so the payload executes during the install and regardless of whether the package is ever imported.
- Dropper execution: the hook runs index.js, a heavily obfuscated JavaScript dropper of about 4.29 MB.
- Runtime deployment: the dropper decrypts AES-128-GCM encrypted blobs, downloads the Bun JavaScript runtime and executes the second-stage payload under Bun, sidestepping monitoring that only instruments Node.js.
- Credential harvesting: on Linux the payload reads the memory of the GitHub Actions Runner.Worker process to recover workflow secrets, and collects SSH keys, CLI credentials and cloud provider tokens (AWS, Azure, GCP, HashiCorp Vault) from the host.
- Privilege escalation: on Linux it attempts to drop a passwordless sudo rule into /etc/sudoers.d.
- Exfiltration and propagation: stolen credentials are pushed to attacker-controlled GitHub repositories (Channel A). The malware then commits a malicious .github/setup.js into non-protected branches of repositories the victim's credentials can write to (Channel B).
Unconfirmed steps: While the primary payload includes a dormant HTTPS sender configured for api.anthropic.com, current analysis indicates this path is disabled (noop: true) in the observed samples. Attribution to specific threat actor groups remains unconfirmed; the campaign marker "Miasma: The Spreading Blight" is present, but linkage to prior "Shai-Hulud" variants is based on TTP similarity rather than confirmed infrastructure overlap.
4. Recommended actions
P1: Immediate (within 24 hours)
- Audit dependencies: scan every package-lock.json and yarn.lock, not only package.json, for the malicious versions listed in Section 5, since the scope is as likely to arrive transitively as directly. Remove the affected versions or pin to known-good ones and reinstall from the corrected lockfile.
- Rotate credentials: treat every environment where an affected version was installed as compromised and rotate:
  - GitHub personal access tokens (PATs), OAuth app credentials, and the repository and organization Actions secrets available to the affected workflows.
  - AWS access keys, Azure service principal secrets and GCP service account keys.
  - SSH keys under ~/.ssh/.
  - npm tokens in ~/.npmrc.
- Inspect CI/CD runners: check GitHub Actions runners for unauthorized processes, in particular bun execution chains that originate from an npm install.
- Review repository activity: audit GitHub audit logs for unauthorized commits that add or modify .github/setup.js and for newly created repositories whose names match the pattern adjective-creature-<0–99999>.
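A lockfile audit for the dependency check above, added here as an example; it is not code from the advisory, Red Hat or the cited vendors. It reads package-lock.json (lockfileVersion 1, 2 and 3) and yarn.lock (classic and berry formats), so transitive dependencies are covered, and compares every @redhat-cloud-services package it finds against a deny-list. The deny-list in the code holds a placeholder version only and must be replaced with the per-package version list from the Microsoft and Snyk publications; the sample lockfiles are constructed.

```python
"""Audit npm lockfiles for a compromised scope (added example, not from the advisory).

Handles package-lock.json lockfileVersion 1, 2 and 3 and yarn.lock in classic
and berry formats. Transitive dependencies are covered because lockfiles record
the full resolved tree. DENY_LIST holds a placeholder version only.
"""
import json
import re
import sys
from pathlib import Path

SCOPE = "@redhat-cloud-services"
# Hypothetical deny-list: "0.0.0-placeholder" is not a real malicious version.
# Replace with the per-package version list from the Microsoft/Snyk reports.
DENY_LIST = {"@redhat-cloud-services/rbac-client": {"0.0.0-placeholder"}}
# classic: '  version "1.2.3"'   berry: '  version: 1.2.3'
_YARN_VERSION = re.compile(r'^\s+version:?\s+"?([^"\s]+)"?\s*$')


def _in_scope(name, scope):
    return name.startswith(scope + "/")


def scope_packages_from_package_lock(lock, scope=SCOPE):
    """Sorted (name, version) pairs in the scope, for any lockfileVersion."""
    found = set()
    # v2/v3: flat "packages" map keyed by node_modules path; "" is the root.
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if _in_scope(name, scope) and meta.get("version"):
            found.add((name, meta["version"]))

    def walk(deps):  # v1 (also mirrored in v2 files): nested "dependencies"
        for name, meta in deps.items():
            if _in_scope(name, scope) and meta.get("version"):
                found.add((name, meta["version"]))
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return sorted(found)


def scope_packages_from_yarn_lock(text, scope=SCOPE):
    """Sorted (name, version) pairs from yarn.lock text. An unindented header
    holds comma-separated "name@range" keys; the indented body holds the version."""
    found, names = set(), []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():
            names = []
            for key in line.rstrip().rstrip(":").split(","):
                key = key.strip().strip('"')
                at = key.rfind("@")  # rfind, since scoped names begin with "@"
                names.append(key[:at] if at > 0 else key)
            continue
        m = _YARN_VERSION.match(line)
        if m:
            found.update((n, m.group(1)) for n in names if _in_scope(n, scope))
    return sorted(found)


def audit(entries, deny_list=DENY_LIST):
    """'malicious' if the exact version is listed, else 'review' (in scope,
    not listed: confirm against the primary source before trusting it)."""
    return [(n, v, "malicious" if v in deny_list.get(n, ()) else "review")
            for n, v in entries]


def audit_file(path, scope=SCOPE, deny_list=DENY_LIST):
    p = Path(path)
    if p.name == "yarn.lock":
        entries = scope_packages_from_yarn_lock(p.read_text(), scope)
    else:
        entries = scope_packages_from_package_lock(json.loads(p.read_text()), scope)
    return audit(entries, deny_list)


# Constructed samples, not lockfiles from any real project.
SAMPLE_LOCK_V3 = {"lockfileVersion": 3, "packages": {
    "": {"name": "constructed-app", "version": "1.0.0"},
    "node_modules/lodash": {"version": "4.17.21"},
    "node_modules/@redhat-cloud-services/rbac-client": {"version": "0.0.0-placeholder"},
    "node_modules/ui-kit/node_modules/@redhat-cloud-services/types": {"version": "1.2.3"},
}}
SAMPLE_LOCK_V1 = {"lockfileVersion": 1, "dependencies": {
    "ui-kit": {"version": "2.0.0", "dependencies": {
        "@redhat-cloud-services/types": {"version": "1.2.3"}}},
}}
SAMPLE_YARN = '''# constructed sample, yarn classic format
"@redhat-cloud-services/rbac-client@^0.0.0", "@redhat-cloud-services/rbac-client@~0.0.0":
  version "0.0.0-placeholder"

lodash@^4.17.0:
  version "4.17.21"
'''

if __name__ == "__main__":
    if sys.argv[1:]:
        rows = [(f, *r) for f in sys.argv[1:] for r in audit_file(f)]
    else:
        rows = [("sample", *r) for r in audit(scope_packages_from_package_lock(SAMPLE_LOCK_V3))]
    for src, name, version, status in rows:
        print(f"{status:9} {name}@{version}  ({src})")
```

Run it as `python audit_lock.py path/to/package-lock.json path/to/yarn.lock`; with no arguments it runs over the constructed sample. Anything tagged review is in the scope but not on your deny-list, which with a partial list is a reason to check the primary source, not a clean bill of health.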
P2: Containment and forensics (within 72 hours)
- Process monitoring: deploy detection for the process chain node → shell → bun → [obfuscated script] on build agents and developer workstations.
- File system hunt: search /etc/sudoers.d/ for the injected rule runner ALL=(ALL) NOPASSWD:ALL (observed in /etc/sudoers.d/runner).
- Network analysis: monitor for outbound connections to api.anthropic.com and for GitHub API traffic from build agents carrying the python-requests/2.31.0 User-Agent. Expect benign matches, since that is the library's default string; the combination of a CI host, the GitHub API and that agent is what makes a hit worth triage.
- Memory analysis: where possible, capture memory from affected runners to establish which secrets were readable via /proc/[pid]/cmdline scraping.
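A hunt script for the process-chain and sudoers checks above, added here as an example; it is not code from the advisory or from Microsoft. It runs over process records in the shape of `ps -eo pid,ppid,comm,args` (or an EDR process event) and over the files in /etc/sudoers.d. The process snapshot and sudoers lines are constructed, and the second-stage file name stage2.js is a placeholder, since the advisory names only the obfuscated index.js.

```python
"""Hunt for the Miasma runner TTPs in process and sudoers data (added example).

Not code from the advisory. Check 1: any bun process whose ancestry runs
through a shell back to a node process, noting whether that node ancestor is
an npm install. Check 2: sudoers.d lines granting the runner account
passwordless full sudo. All sample data below is constructed.
"""
import re
from dataclasses import dataclass
from pathlib import Path

SHELLS = {"sh", "bash", "dash", "zsh"}
NPM_INSTALL = re.compile(r"\bnpm(?:-cli\.js)?\s+(?:install|i|ci)\b")
# The rule the advisory reports being written to /etc/sudoers.d/runner.
NOPASSWD_ALL = re.compile(r"^\s*(\S+)\s+ALL\s*=\s*\(\s*ALL(?::ALL)?\s*\)\s*NOPASSWD:\s*ALL\s*$")


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    comm: str
    args: str = ""


def ancestry(by_pid, pid, max_depth=10):
    """[self, parent, grandparent, ...], stopping at the root, a missing
    parent, a ppid loop, or max_depth hops."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen and len(chain) < max_depth:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid].ppid
    return chain


def node_shell_bun_chains(procs):
    """One finding per bun process reached through shell <- node."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.comm != "bun":
            continue
        chain = ancestry(by_pid, p.pid)
        for i in range(1, len(chain)):
            if chain[i].comm in SHELLS:
                nodes = [a for a in chain[i + 1:] if a.comm == "node"]
                if nodes:
                    findings.append({
                        "bun_pid": p.pid,
                        "chain": " <- ".join(a.comm for a in chain),
                        "from_npm_install": any(NPM_INSTALL.search(a.args) for a in nodes),
                    })
                    break
    return findings


def nopasswd_rules(lines, accounts=("runner",)):
    """Sudoers lines granting the listed accounts NOPASSWD on ALL."""
    hits = []
    for line in lines:
        m = NOPASSWD_ALL.match(line)
        if m and m.group(1) in accounts:
            hits.append(line.strip())
    return hits


def scan_sudoers_d(directory="/etc/sudoers.d"):
    """Walk a sudoers.d directory; returns {path: [matching lines]}."""
    out = {}
    d = Path(directory)
    if d.is_dir():
        for f in sorted(d.iterdir()):
            if f.is_file():
                hits = nopasswd_rules(f.read_text(errors="replace").splitlines())
                if hits:
                    out[str(f)] = hits
    return out


# Constructed snapshot: one malicious chain and two benign bun invocations.
SAMPLE_PROCS = [
    Proc(1, 0, "systemd", "/sbin/init"),
    Proc(100, 1, "Runner.Worker", "Runner.Worker"),
    Proc(200, 100, "node", "node /usr/lib/node_modules/npm/bin/npm-cli.js install"),
    Proc(201, 200, "sh", "sh -c node index.js"),   # preinstall lifecycle hook
    Proc(202, 201, "node", "node index.js"),       # obfuscated dropper
    Proc(203, 202, "sh", "sh -c bun stage2.js"),   # stage2.js is a placeholder name
    Proc(204, 203, "bun", "bun stage2.js"),
    Proc(300, 1, "bash", "bash"),
    Proc(301, 300, "bun", "bun run dev"),          # developer shell, no node ancestor
    Proc(400, 100, "bun", "bun test"),             # workflow step calling bun directly
]
SAMPLE_SUDOERS = ["# constructed sample", "runner ALL=(ALL) NOPASSWD:ALL", "%admin ALL=(ALL) ALL"]

if __name__ == "__main__":
    for finding in node_shell_bun_chains(SAMPLE_PROCS):
        print("bun chain:", finding)
    print("sudoers sample:", nopasswd_rules(SAMPLE_SUDOERS))
    print("live /etc/sudoers.d:", scan_sudoers_d())
```

The ancestry walk stops at a ppid loop, a missing parent or ten hops, so a second stage that has already been reparented to init will not show the node ancestor in a single snapshot; on a live runner, pair this with the workflow run's step timing or an EDR event stream that records parents at spawn time.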
P3: Remediation and hardening (within 7 days)
- Pin dependencies: use exact versions in package.json (no ^ or ~ ranges) for critical dependencies and install with npm ci from the committed lockfile. Ranges in package.json alone leave transitive dependencies floating, and a lockfile that is not honoured on the build agent pins nothing.
- Protect branches: enable branch protection on all critical repositories to block direct pushes to default branches and require status checks. Channel B targets non-protected branches, so extend protection to release and other long-lived branches, not only the default one.
- OIDC review: review GitHub Actions OIDC trust policies on the cloud side so that each role is assumable only from the intended repository, branch or environment, with the minimum permissions it needs.
- Supply chain verification: implement SLSA level 3+ verification for internal builds. This limits what an attacker can do with a stolen publishing identity; on its own it would not have flagged Miasma, whose provenance was genuine because the attestations were generated by the compromised pipeline.
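A trust-policy linter for the OIDC review item, added here as an example; it is not code from the advisory or from any vendor. It takes an AWS IAM role trust policy (the cloud side of GitHub Actions OIDC) and flags the two misconfigurations that turn a stolen or abused workflow identity into broad cloud access: an unpinned audience, and a subject condition that matches more than one repository and ref. The two embedded policies, the account ID 123456789012 and the example-org/example-repo names are hypothetical.

```python
"""Lint AWS IAM role trust policies for GitHub Actions OIDC (added example).

Not code from the advisory. For each statement that lets the GitHub OIDC
provider call sts:AssumeRoleWithWebIdentity, checks that the audience is
pinned to sts.amazonaws.com and that the subject names one repository and one
ref or environment, not an org-wide or global wildcard. The account ID
123456789012 and the example-org names are hypothetical.
"""
import json
import re
import sys

GH = "token.actions.githubusercontent.com"
ORG_WILDCARD = re.compile(r"^repo:[^/:]+/\*")


def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])


def _claim_values(condition, claim):
    """All values set for the GitHub claim across every condition operator."""
    values = set()
    for kv in condition.values():
        for key, val in kv.items():
            if key == f"{GH}:{claim}":
                values.update(_as_list(val))
    return values


def lint_github_oidc_trust(policy):
    """Findings as 'statement N: ...' strings; an empty list means nothing flagged."""
    findings = []
    for n, st in enumerate(policy.get("Statement", [])):
        principal = st.get("Principal") or {}
        if st.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(st.get("Action")):
            continue
        if not any(GH in f for f in _as_list(principal.get("Federated"))):
            continue
        cond = st.get("Condition", {})
        if _claim_values(cond, "aud") != {"sts.amazonaws.com"}:
            findings.append(f"statement {n}: aud is not pinned to sts.amazonaws.com")
        subs = _claim_values(cond, "sub")
        if not subs:
            findings.append(f"statement {n}: no sub condition, any GitHub repository can assume the role")
            continue
        for s in sorted(subs):
            if s == "*" or s.startswith("repo:*"):
                findings.append(f"statement {n}: sub {s!r} matches every repository on GitHub")
            elif ORG_WILDCARD.match(s):
                findings.append(f"statement {n}: sub {s!r} matches every repository in the org")
            elif "*" in s:
                findings.append(f"statement {n}: sub {s!r} wildcards the ref or environment")
    return findings


def load_policy(path):
    with open(path) as fh:
        return json.load(fh)


_PROVIDER = f"arn:aws:iam::123456789012:oidc-provider/{GH}"  # hypothetical account

# Weak: any repository in example-org, on any branch, can assume the role,
# and the audience is not checked at all.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": _PROVIDER},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringLike": {f"{GH}:sub": "repo:example-org/*"}},
}]}

# Hardened: one repository, one protected branch, audience pinned.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Federated": _PROVIDER},
    "Action": "sts:AssumeRoleWithWebIdentity",
    "Condition": {"StringEquals": {
        f"{GH}:aud": "sts.amazonaws.com",
        f"{GH}:sub": "repo:example-org/example-repo:ref:refs/heads/main",
    }},
}]}

if __name__ == "__main__":
    if sys.argv[1:]:
        targets = [(p, load_policy(p)) for p in sys.argv[1:]]
    else:
        targets = [("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)]
    for label, policy in targets:
        print(f"{label}: {lint_github_oidc_trust(policy) or ['no findings']}")
```

Be clear about what this buys you: Miasma ran inside the legitimate pipeline, so its OIDC token carried that pipeline's own subject and would have satisfied even the hardened condition for that repository. Subject pinning limits which roles one compromised workflow identity can reach; it does not detect a compromised workflow. Azure federated credentials and GCP workload identity pools have equivalent subject and audience settings that deserve the same review.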
5. Indicators of compromise
| Type | Value | Confidence | Source |
|---|---|---|---|
| NPM scope | @redhat-cloud-services (malicious versions only; see note below) | High | Microsoft / Snyk |
| File size | Obfuscated dropper index.js, ~4.29 MB (no hash is published in this advisory) | High | Microsoft |
| Process | Execution chain: node → shell → bun | High | Microsoft |
| File path | /etc/sudoers.d/runner (injected NOPASSWD sudo rule) | High | Microsoft |
| Network | User-Agent: python-requests/2.31.0 from a CI/CD host | Medium | Microsoft |
| Repo pattern | GitHub repository name adjective-creature-<0–99999> | Medium | Microsoft |
| File path | .github/setup.js (injected propagation script) | High | Microsoft |
| String | Campaign marker: "Miasma: The Spreading Blight" | High | Microsoft |
| Domain | api.anthropic.com (dormant sender, noop in observed samples) | Low | Microsoft |
Note: Specific malicious package versions are extensive. Clients must cross-reference their lockfiles against the full list provided in the primary source (Microsoft) covering 32 packages including types, frontend-components, rbac-client, and chrome.
6. Sources
- Microsoft Threat Intelligence, "Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign," 2026-06-02. URL
- Snyk Vulnerability Blog, "Miasma supply chain attack: malicious code found in @redhat-cloud-services npm packages." URL
- BleepingComputer, "Red Hat npm packages compromised to steal developer credentials." URL
- Step Security, "Multiple redhat-cloud-services npm Packages compromised." URL
- Help Net Security, "Red Hat npm packages compromised in new Mini Shai-Hulud malware wave," 2026-06-02. URL
7. Adverse Trace position
We assess the severity of this incident as Critical for organizations using the @redhat-cloud-services namespace or any transitive dependency on it. The combination of a genuine OIDC publishing identity, multi-stage obfuscation and active credential harvesting from CI/CD environments is a high-fidelity threat to cloud infrastructure integrity. Because the trojanized releases carry valid SLSA provenance generated by the compromised pipeline, provenance checks offer no warning, and lateral propagation via repository injection extends the blast radius well beyond the initial compromise. Adverse Trace is monitoring for secondary waves against similar CI/CD pipelines and will update this advisory if attribution confidence increases or new IOCs emerge. Clients should treat any exposure to the listed package versions as a confirmed breach of their build environment.
Published via PulseTrace — Adverse Trace threat intelligence.