Security

Red Hat npm Miasma Attack Hits CI/CD Supply Chains

3 min read

Summary

Microsoft Threat Intelligence uncovered a large-scale npm supply chain attack involving trojanized packages under the @redhat-cloud-services scope. The campaign abused a compromised CI/CD publishing workflow to deliver credential-stealing malware targeting GitHub, npm, AWS, Azure, GCP, Kubernetes, and developer systems, making it especially relevant for security teams and DevOps administrators.

Need help with Security?Talk to an Expert

Introduction

Microsoft has disclosed a significant software supply chain attack affecting npm packages published under the @redhat-cloud-services namespace. The campaign, dubbed Miasma, shows how attackers can abuse trusted CI/CD publishing workflows to distribute malicious packages with legitimate-looking provenance, raising the stakes for organizations that rely on open-source dependencies in build pipelines.

What’s new

Microsoft Threat Intelligence found that attackers compromised the upstream RedHatInsights/javascript-clients CI/CD pipeline and used the legitimate GitHub Actions OIDC publishing flow to push 32 malicious packages across more than 90 versions.

Key technical findings include:

  • Malicious preinstall hook: The infected packages executed automatically during npm install via a weaponized preinstall script.
  • Multi-stage malware chain: The package launched an obfuscated 4.29 MB dropper, decrypted additional payloads, downloaded the Bun runtime, and executed a second-stage stealer.
  • Broad credential theft: The malware targeted secrets from GitHub, npm, AWS, Azure, GCP, HashiCorp Vault, Kubernetes, and local developer environments.
  • CI/CD-focused behavior: On Linux runners, it scraped GitHub Actions runner memory for secrets and attempted privilege escalation using passwordless sudo.
  • Worm-like propagation: The payload tried to republish poisoned packages from compromised maintainer accounts using forged provenance metadata.
  • Destructive capability: In some scenarios, the malware could trigger rm -rf ~/, wiping a victim’s home directory.

Why this matters for administrators

This attack is notable because the malicious packages were published through a trusted publisher workflow, meaning they carried authentic provenance signatures. For IT and security teams, that weakens assumptions that signed or provenance-backed packages are automatically safe.

Organizations running Linux-based CI/CD pipelines are at particular risk, but developer workstations on Windows, macOS, and Linux were also targeted. Any environment with cached cloud credentials, SSH keys, browser data, or package publishing tokens could be exposed.

Administrators should take the following actions immediately:

  • Audit environments for any use of affected @redhat-cloud-services packages and related versions.
  • Rotate exposed credentials, especially for GitHub, npm, Azure, AWS, GCP, Vault, and Kubernetes.
  • Review CI/CD runners for unusual process chains such as node -> shell -> bun.
  • Check for unauthorized package publishing activity and suspicious provenance metadata.
  • Harden build agents by reducing token scope, limiting sudo access, and isolating runner secrets.
  • Use Microsoft Defender and related security tooling to investigate signs of credential theft or downstream package tampering.

Microsoft says it coordinated with npm to remove affected repositories and add protections to the namespace. Security teams should still treat this as a reminder to strengthen dependency governance, monitor software publishing workflows, and validate secrets exposure in CI/CD systems.

Need help with Security?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

npmsoftware supply chainCI/CD securitycredential theftMicrosoft Defender

Related Posts

Security

Microsoft Black Hat 2026: AI and Supply Chain Defense

Microsoft used Black Hat USA 2026 to spotlight how attackers are abusing trusted software, identities, cloud services, and AI systems to scale attacks. The company also highlighted ongoing npm supply chain investigations, new Microsoft Defender Experts capabilities, and research sessions that give security teams practical guidance for defending trust paths.

Security

ACR Stealer Campaigns: ClickFix Threats Rise

Microsoft reports increased ACR Stealer activity targeting enterprises through ClickFix social engineering, with two intrusion chains using WebDAV, Python loaders, MSHTA, obfuscated PowerShell, and steganography. The campaigns focus on stealing browser credentials, session tokens, and sensitive documents, making early detection and user awareness critical for defenders.

Security

AI Agent Least Privilege: Identity and RBAC Guide

Microsoft is urging organizations to treat AI agents as first-class identities with tightly scoped access, explicit role assignments, and controlled tool bindings. The guidance matters because agentic workflows can span multiple systems, increasing the blast radius of misconfigured permissions, weak audit trails, and unclear accountability.

Security

AsyncAPI npm Supply Chain Attack: Import-Time Malware

Microsoft Threat Intelligence uncovered a coordinated compromise of the AsyncAPI npm organization that republished five package versions with malicious code that runs when packages are imported, not just installed. The incident matters because common mitigations like npm install --ignore-scripts do not stop this technique, putting developer workstations, CI/CD pipelines, and production services at risk if they resolved the affected versions.

Security

Defender Experts Adds Threat Intelligence and MDR

Microsoft has launched Defender Experts Threat Intelligence and expanded Defender Experts MDR with third-party and multi-cloud coverage powered by Microsoft Sentinel. The update helps security teams turn threat intelligence into action faster by combining expert-led guidance, unified Defender portal workflows, and broader cross-platform incident response.

Security

Salesforce OAuth Abuse: Microsoft Guidance on ShinyHunters

Microsoft detailed how threat activity associated with ShinyHunters abused trusted OAuth relationships in Salesforce to gain persistent access, exfiltrate CRM data, and evade traditional sign-in detections. The company also announced improved Salesforce telemetry and near-real-time detection in Defender for Cloud Apps, giving security teams better visibility into connected apps, OAuth scopes, and suspicious SaaS activity.