Red Hat npm packages compromised to steal developer credentials

More than 30 npm packages in Red Hat’s @redhat-cloud-services namespace were compromised in a supply-chain attack that deployed the new Shai-Hulud variant “Miasma” to steal developer credentials and cloud secrets. Red Hat says the affected packages were limited to internal development tooling, but researchers report that the campaign has already compromised 309 GitHub repositories and shares similarities with Mini Shai-Hulud. #RedHat #Miasma #ShaiHulud #MiniShaiHulud

Keypoints

  • Over 30 npm packages in Red Hat’s @redhat-cloud-services namespace were backdoored.
  • The malicious code targeted developer credentials, cloud secrets, SSH keys, and CI/CD tokens.
  • Red Hat removed the affected packages and said the issue was limited to internal development tooling.
  • Attackers allegedly abused a compromised Red Hat employee GitHub account to publish poisoned packages.
  • The Miasma campaign shares traits with Mini Shai-Hulud and has compromised 309 GitHub repositories.

Read More: https://www.bleepingcomputer.com/news/security/red-hat-npm-packages-compromised-to-steal-developer-credentials/