Over 30 Red Hat npm Packages Compromised by Shai-Hulud Malware Variant
- Supply-Chain Compromise: Over 30 Red Hat npm packages were backdoored with a new variant of the Shai-Hulud dubbed Miasma.
- Credential Harvesting: The malicious payload targeted extensive developer credentials, cloud secrets, and infrastructure tokens.
- Internal Containment: Red Hat confirmed the breach was limited to internal development tooling with no customer impact.
More than 30 npm packages under Red Hat's @redhat-cloud-services namespace were compromised in a recent supply chain attack. This intrusion distributed a new variant of the Shai-Hulud credential-stealing malware, officially dubbed Miasma.
Security firms Aikido and OX Security discovered the incident, identifying dozens of backdoored package versions designed to steal developer credentials, cloud secrets, SSH keys, CI/CD tokens, and other highly sensitive information.
Technical Execution of the Attack
According to Aikido, these compromised packages receive approximately 117,000 downloads weekly, with 32 packages and 96 specific versions directly affected by the breach. Aikido researchers stated that attackers allegedly compromised a Red Hat employee's GitHub account and pushed malicious commits to the repositories.
OX Security counted over 210 compromised GitHub repositories, and BleepingComputer's own count had reached 309 repositories compromised by the Miasma campaign at the time of writing.
The threat actors added a GitHub Actions workflow and script, subsequently utilizing npm trusted publishing with an OIDC token to release the backdoored packages. The resulting malicious index.js file was approximately 4.2 MB. It specifically targeted:
- GitHub Actions secrets,
- AWS credentials,
- Google Cloud Platform (GCP) credentials,
- Azure cloud credentials,
- HashiCorp Vault tokens,
- Kubernetes service account tokens,
- npm and PyPI publishing tokens,
- SSH keys,
- Docker credentials,
- GPG keys,
- .env files.
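Two defender-side checks follow from the mechanics described above: the backdoored versions entered the dependency graph through the normal registry, and they were released from an added GitHub Actions workflow using npm trusted publishing, which requires the workflow to hold the `id-token: write` permission. The script below is an added example, not tooling from Red Hat, Aikido or OX Security. It audits a `package-lock.json` (lockfileVersion 2/3 `packages` map) for every dependency under the `@redhat-cloud-services` scope whose version is not on a known-good allowlist or whose tarball was not resolved from the public registry, and it line-scans a workflow file for the OIDC-permission-plus-`npm publish` combination so that unexpected release workflows stand out. The allowlisted versions, the sample lockfile and the sample workflow text are constructed placeholders; the real allowlist should come from the vendor's advisory.

```python
"""Lockfile and workflow audit for a compromised npm scope.

Added example for the Miasma/Shai-Hulud write-up; not the code of any vendor
or researcher named in the article. Only the scope name is taken from the
article; all package names, versions and workflow text are constructed.
"""
import json
import re

WATCHED_SCOPE = "@redhat-cloud-services"   # scope named in the article
REGISTRY = "https://registry.npmjs.org/"

# Placeholder allowlist: replace with the known-good versions from the advisory.
KNOWN_GOOD = {
    "@redhat-cloud-services/example-client": {"1.0.0"},   # constructed name
}


def audit_lockfile(lock: dict, known_good: dict = KNOWN_GOOD) -> list:
    """Return (package, version, reason) findings for watched-scope packages.

    Walks the lockfileVersion 2/3 "packages" map, whose keys are paths such as
    "node_modules/@scope/name" (nested installs repeat "node_modules/").
    """
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project entry, not a dependency
        name = path.rsplit("node_modules/", 1)[-1]
        if not name.startswith(WATCHED_SCOPE + "/"):
            continue
        version = meta.get("version", "")
        resolved = meta.get("resolved", "")
        if version not in known_good.get(name, set()):
            findings.append((name, version, "version not on allowlist"))
        if resolved and not resolved.startswith(REGISTRY):
            findings.append((name, version, "resolved outside public registry"))
    return findings


# Trusted publishing needs the OIDC permission; pair it with a publish step.
ID_TOKEN_RE = re.compile(r"^\s*id-token\s*:\s*write\s*$", re.MULTILINE)
PUBLISH_RE = re.compile(r"\bnpm\s+publish\b")


def audit_workflow(text: str) -> dict:
    """Flag whether a workflow carries the OIDC permission and an npm publish."""
    return {
        "oidc_permission": bool(ID_TOKEN_RE.search(text)),
        "npm_publish": bool(PUBLISH_RE.search(text)),
    }


def is_publishing_workflow(text: str) -> bool:
    """True when the workflow can publish to npm via trusted publishing."""
    result = audit_workflow(text)
    return result["oidc_permission"] and result["npm_publish"]


# Constructed sample lockfile: one allowlisted version, one unknown version.
SAMPLE_LOCK = {
    "name": "sample-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "sample-app", "version": "0.1.0"},
        "node_modules/@redhat-cloud-services/example-client": {
            "version": "1.0.0",
            "resolved": REGISTRY + "@redhat-cloud-services/example-client/-/example-client-1.0.0.tgz",
        },
        "node_modules/@redhat-cloud-services/example-utils": {
            "version": "2.3.1",
            "resolved": REGISTRY + "@redhat-cloud-services/example-utils/-/example-utils-2.3.1.tgz",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": REGISTRY + "left-pad/-/left-pad-1.3.0.tgz",
        },
    },
}

# Constructed sample workflow with the trusted-publishing combination.
SAMPLE_RELEASE_WORKFLOW = """\
name: release
on:
  push:
    tags: ['v*']
permissions:
  contents: read
  id-token: write
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm publish --provenance --access public
"""

# Constructed sample CI workflow that only runs tests.
SAMPLE_CI_WORKFLOW = """\
name: ci
on: [pull_request]
permissions:
  contents: read
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci
      - run: npm test
"""


if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK):
        print("lockfile:", *finding)
    print("release workflow can publish:", is_publishing_workflow(SAMPLE_RELEASE_WORKFLOW))
    print("ci workflow can publish:", is_publishing_workflow(SAMPLE_CI_WORKFLOW))
```

Run it against a real `package-lock.json` with `json.load` and against each file under `.github/workflows/`. A lockfile finding means the version is not on the allowlist, which is a prompt to check the advisory, not proof of compromise; a workflow finding is useful mainly as a diff against the set of release workflows the repository's maintainers expect to exist.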
Red Hat clarified that the packages were used strictly for internal development and that the malicious code was never published for customer consumption via console.redhat.com.
Incident Response and Attribution
Red Hat promptly removed the affected packages from the npm registry, stating that it had not identified any impact on customer or partner environments or on Red Hat production systems. Researchers noted architectural similarities between the malware and Mini Shai-Hulud, though it remains unclear whether TeamPCP or another threat actor orchestrated the attack.
Last month, the first clones of the Shai-Hulud worm emerged in the npm supply chain days after TeamPCP released the source code, around the same time the threat actor claimed the Mistral AI breach in connection with the TanStack supply chain attack. GitHub also investigated TeamPCP's claim of a 4,000-repository breach.
In December 2025, a Red Hat server breach exposed 21,000 Nissan customers, and two months earlier, Red Hat confirmed a breach of a consulting GitLab instance, with hackers claiming to have stolen 570GB of client data.
In September 2025, multiple CrowdStrike npm packages were compromised in a growing supply chain attack identified as a continuation of the Shai-Hulud campaign.