A large-scale npm supply chain attack has compromised dozens of official packages under the @redhat-cloud-services scope, exposing thousands of developers and automated CI/CD environments to credential theft and malware execution.

Security researchers at Aikido revealed that attackers published 96 malicious versions across 32 packages on June 1, 2026, impacting packages with a combined 116,000 weekly downloads. The campaign demonstrates a significant evolution in supply chain threats, exploiting trusted publishing mechanisms rather than traditional credential theft.

Key Details

Unlike typical npm breaches, this attack did not rely on stolen API tokens. Instead, attackers compromised a developer’s GitHub account and abused:

• GitHub Actions OIDC (OpenID Connect) trusted publishing
• Automated CI/CD workflows
• Repository-level access controls

The attackers injected:

• Malicious orphan commits
• A rogue CI workflow file (ci.yaml)
• A heavily obfuscated JavaScript payload

This allowed them to bypass manual reviews and automatically publish backdoored package versions to npm.

The campaign has been linked to the Mini Shai-Hulud malware family, specifically a modified variant named “Miasma.”

Technical Analysis

CI/CD Pipeline Compromise via OIDC Abuse

The attack exploited a key trust mechanism in modern DevOps pipelines.

Here’s how it worked:

1. Attackers gained access to a developer’s GitHub account
2. Injected malicious commits into repositories
3. Added a CI workflow with id-token:write permissions
4. Generated short-lived authentication tokens via OIDC
5. Automatically published compromised npm packages

This aligns with MITRE ATT&CK T1552 (Unsecured Credentials) and T1195 (Supply Chain Compromise).

Malicious Package Execution

Once installed, compromised packages executed a preinstall script:

• Delivered a 4.2 MB obfuscated payload
• Executed before most security tools could intervene
• Initiated credential harvesting immediately

Credential Harvesting Capabilities

The Miasma payload targeted a wide range of sensitive data:

• GitHub Actions tokens (GITHUB_TOKEN, ACTIONS_RUNTIME_TOKEN)
• Cloud provider credentials:
  • AWS
  • Google Cloud
  • Azure
• SSH private keys
• npm and PyPI authentication tokens
• Docker credentials
• Kubernetes configuration files
• .env files

This broad targeting indicates a focus on developer environments and cloud infrastructure access.

Worm-Like Propagation

The malware exhibits self-propagation behavior:

• Uses stolen credentials to republish compromised packages
• Infects additional projects automatically
• Expands reach across interconnected ecosystems

This makes it particularly dangerous in large-scale DevOps environments.

Impact and Risks

Who Is Affected

• Developers using affected npm packages
• Organizations with automated CI/CD pipelines
• Cloud-native environments relying on these dependencies

Potential Impact

Organizations may face:

• Full credential compromise across environments
• Unauthorized access to cloud infrastructure
• Supply chain propagation into internal projects
• Data exfiltration and system manipulation

Security experts warn that any system running affected versions should be treated as fully compromised.

Real-World Implications

Because npm packages are deeply integrated into modern development workflows:

• A single compromised dependency can spread rapidly
• CI/CD systems amplify the attack surface
• Automated builds can unknowingly deploy malware

Expert Recommendations

Immediate действий

1. Rotate Credentials Immediately

• Revoke and regenerate all:
  • API keys
  • Cloud credentials
  • CI/CD tokens

2. Audit CI/CD Pipelines

• Review GitHub Actions workflows
• Restrict id-token:write permissions
• Validate pipeline integrity

3. Identify Affected Packages

• Check for installations of compromised versions
• Remove and replace with trusted versions

4. Scan for Indicators of Compromise

• Inspect logs for unusual package activity
• Monitor unauthorized credential usage

5. Clean Build Environments

• Rebuild systems from known clean states
• Validate dependencies before redeployment

Long-Term Mitigation

• Pin package versions to trusted releases
• Monitor for unexpected orphan commits
• Enforce least-privilege access in CI/CD
• Implement software supply chain security tools (SCA, SBOM)

Industry Context

This attack reflects a growing trend of supply chain compromises targeting developer ecosystems.

The Mini Shai-Hulud framework, first released publicly in May 2026, has already been used in attacks targeting:

• Bitwarden CLI
• PyTorch Lightning
• Microsoft DurableTask
• SAP-related packages

The open-source nature of this toolkit has enabled multiple threat actors to adapt and deploy it rapidly.

More importantly, the incident highlights a critical gap:

Trusted publishing does not eliminate risk when CI/CD systems themselves are compromised.

As organizations increasingly rely on automated pipelines, attackers are shifting focus toward build systems and dependency chains.

Conclusion

The Red Hat npm supply chain attack marks a significant escalation in how attackers target modern software development pipelines.

By abusing trusted CI/CD mechanisms and leveraging worm-like propagation, threat actors have demonstrated how a single compromise can cascade across thousands of environments.

For developers and organizations, the priority is clear: secure the pipeline, validate dependencies, and assume breach when supply chain indicators are present.

---

FAQ SECTION

What is the npm supply chain attack reported here?

It is a large-scale compromise of Red Hat npm packages where attackers injected malware into published versions.

How were the packages compromised?

Attackers exploited GitHub Actions and OIDC trusted publishing after compromising a developer account.

What does the malware steal?

It targets credentials, including cloud keys, GitHub tokens, SSH keys, and configuration files.

Why is this attack dangerous?

It can spread automatically across development pipelines and expose entire cloud environments.

What should organizations do immediately?

Rotate credentials, audit pipelines, remove affected packages, and rebuild compromised environments.